Two-thirds of companies do not bother to include IT security as part of an employee's induction, according to a new study.
A survey of 1,185 people with responsibility for carrying out inductions in their organisations, conducted by Loudhouse Research, found that only 32 per cent of medium-sized businesses across Europe have IT security as an aspect of employee induction. The research also found that only 39 per cent covered internet usage policy within their organisations.
But the survey found that 73 per cent of respondents have reviewed induction policy in the past 12 months, with company growth and restructure being the main reasons for review.
The "Employee Education Gap" report was carried out on behalf of anti-virus company McAfee. It found that major holes in company induction processes are leaving businesses vulnerable to unnecessary security risks.
But the UK led the way businesses in this country being the most likely to hold induction sessions for all employees while barely a third of businesses in France and Italy had inductions for all employees.
Where security issues are raised, the survey found that most businesses felt that the end user is more culpable than the employer, which could have serious implications for employee and employer liability.
The research found that 55 per cent of respondents felt that an employee should be held responsible for a personal email that spreads a virus on the company network. A stolen laptop is also seen as the responsibility of the employee by 67 per cent of organisations.
Greg Day, a Security Analyst at McAfee said that many businesses are failing to cover computer and internet usage policies.
"Companies are failing to capture the opportunity presented by new starters to instil a sense of vigilance and security into the workforce," he said. "This oversight, coupled with a clear lack of enforcement increases the risk of new employees either consciously or inadvertently breaching corporate security protocols."
