Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 9 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Employees consistently flout security policies, say IT managers

by The Gurus
December 5, 2018
in Opinions & Analysis
Share on FacebookShare on Twitter

A new study reveals that nearly two thirds (61 per cent) of IT decision makers believe their employees regularly circumvent company security policies. Despite the fact that over half of those surveyed have invested in safeguards to protect their businesses against cyber threats in the past 12 months, careless employee behaviour could be leaving many organisations exposed to risks.

The findings are part of Databarracks’ sixth Data Health Check report, which surveyed over 350 IT decision makers in the UK.

When asked how often they thought their employees flout security polices (such as taking company data offsite, fabricating or omitting information on sign-in sheets and keeping written records of passwords) 61 per cent estimated their workforce side-step such practices at least once a month, with around a third (28 per cent) saying it’s daily or more.  

These results can be considered in contrast to other findings from the report; over half (59 per cent) have invested in safeguards in the past 12 months to protect against cyber threats like malware, viruses and phishing attacks. However, if employees are commonly circumventing the security practices put in place by company IT departments, these protocols may not be as effective as hoped.

 Oscar Arean, technical operations manager at Databarracks, commented on the results:

 “We expanded the remit of the Data Health Check this year to look at how IT departments approach cyber security, and how their users experience (and respond to) their approaches. The results have been pretty damning, with IT managers seriously lacking confidence in their employees’ commitment to their security plans. If they’re correct, then their businesses will be left exposed to cyber threats, as well as other more traditional threats such as social engineering. It may be no coincidence that two thirds (66 per cent) of those we questioned had been affected by a cyber-threat in the past 12 months. No amount of investment in cyber security policies can make up for poor employee habits; IT managers need to address this issue if they are to secure their organisations from malicious threats.”

Arean suggests communicating cyber risks more clearly throughout the organisation and opening a conversation with employees to improve the plans in place: “Employees that flout security policies are unlikely to be purposely trying to threaten the business – they either don’t know the consequences of their actions or they feel too restricted by the policies that are in place.

“Despite the rise in ransomware, there is a blind ignorance to security in the sense that people just don’t realise the consequences of the actions they take. Awareness training is used to address security concerns but is typically only done yearly or as part of the initial induction. In order for it to be effective, it needs to be carried out much more regularly.

 “A lot of IT departments handle incidents in the background with only key senior individuals being informed, but if threats aren’t communicated internally to employees then they will carry on as they always have. Employees are almost less risk adverse when it comes to the working environment because there’s a culture that it’s someone else’s problem if it goes wrong, where in fact it’s everyone’s problem. In some cases, organisations aren’t able to recover from these threats which not only puts the business at risk but also the position of all the employees within it.

“IT security requires a more open dialogue between the IT department and the rest of the business. Find out where and how security processes are too restrictive or unintuitive and work on improving your employees’ experience with them. How tight are your controls and do they need tweaking? Security is not just a tick box exercise anymore; it’s a concern for everyone. Asking these kinds of questions to the right people will go a long way to improve adherence to IT security practices,” Arean concluded.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Why banks need consumers to detect imposters

Next Post

Latest IT Security news from Israel

Recent News

Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato SASE Cloud Named “Leader” and “Outperformer” in GigaOm Radar Report for SD-WAN

February 7, 2023
AT&T Cybersecurity grows SASE offering by adding Palo Alto Networks

UK second most targeted nation behind America for Ransomware

February 7, 2023
safe

Will Emphasising App Security Lead to More App Installs?

February 6, 2023
Phone with app store open

$400,000 Fine for Stalkerware App Developer

February 6, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information