ICT security policies must be understood

UK firms have ICT security policies in place, but they don't ensure employees actually understand them, according to a survey by NETconsent and the Federation Against Software Theft (FAST).

Nearly all of FAST's members have security policies, with 60 per cent updated annually. But more than three quarters of the survey's respondents said they don't do anything to ensure that employees are completely clear about what these ICT policies mean to them.

"Policies are an important communication tool not only to educate users and remind them of their rights, responsibilities and the consequences of their actions, but also to protect them," said John Lovelock, director general of FAST.

But 44 per cent of those surveyed said they lacked confidence in their co-workers' understanding of those policies and 40 per cent have had to start disciplinary action against a member of staff for breaking policy.