Editor’s Note: One of the issues associated with Cybersecurity Framework compliance is how to address security lapses resulting from employees who violate approved security procedures.
From: Financial Times
By Bede McCarthy, Technology Correspondent
Efforts to protect businesses from cyber attacks are being undermined by the fact that nine out of 10 people knowingly breach their employer’s data policies.
A survey of 165,000 employees showed 93 per cent of workers knowingly violate policies designed to prevent data breaches, and senior executives are the worst offenders. The CEB, a member-based advisory service formerly known as the Corporate Executive Board, compiled the results over several years.
The figures come at a time when IT departments are spending more on securing precious data such as intellectual property and customer records. Mobile trends such as “bring your own device”, where employees use their own phones, tablets and laptops for work, make it difficult to secure information as it passes beyond the corporate firewall and into the pockets of employees.
Despite a wave of new security products to adapt corporate IT security measures to such trends, the biggest threat, according to CEB, remains the loss of a company device such as a mobile phone or tablet.
More than one-third of staff also admitted to writing down critical passwords where they can be stolen, such as on post-it notes. Other common missteps included copying sensitive documents on to portable drives and sharing passwords with colleagues.
Jeremy Bergsman, senior research director at CEB, whose members include BP and Sprint, said people outside traditional IT departments had a poor grasp of the risks involved, and that correct processes were often too complicated for employees to bother.
“In order to get employees to do the right thing you need to make it as easy as possible to do. These people are not malicious. Most people are just trying to get their jobs done, that’s why they break policy,” he said.
The CEB also found that more than 60 per cent of businesses were likely to have suffered a security breach without knowing it.
Leave a Reply