Most UK Local Authorities Don’t Fund Security Training – Report
A shocking 86% of UK local authorities have allocated no funds to IT security training this fiscal year and many have no management plans in place to protect staff-issued mobile devices, according to new research from Citrix.
The cloud and virtualization company sent FoI requests on the matter to 129 councils, 109 of which replied.
They revealed that while £1.2 million has been committed to health and safety training, meditation, ‘managing difficult situations’ and more, just over £104,000 had been allocated to data protection and IT security training this fiscal year.
The figure is further diminished by the fact that just 24 out of 109 local authorities provide any IT training at all – and some of these only offer free e-learning courses, according to Citrix.
The FoI requests also revealed that over the past two fiscal years local authorities across the UK issued an average of 714 smart devices to their staff to support the drive towards mobile working.
However, of these 56,000+ devices, over a third (40%) aren’t protected by any kind of enterprise mobility management (EMM) software.
EMM is vital to manage and mitigate the increasing volume and sophistication of mobile threats facing organizations.
It enables IT managers to push security policies right down to each device, for things like encryption and device wipe; compliance; app control; and managing and deploying profiles to specific user groups.
According to the ICO’s latest records, the number of data security incidents involving local government increased by 44% between April and June this year compared to the previous quarter.
“Nearly a third of those incidents also involved sensitive information being lost – including health and clinical data – highlighting the need to invest in regular, dedicated in-person training courses,” Citrix UK&I director, Jon Cook, told Infosecurity.
“Today’s cyber landscape is fluid and ever evolving. It’s vital to regularly review IT security training programs – at least annually – to ensure staff are properly equipped to safeguard sensitive data.”
Source: Information Security Magazine