Most companies do have security policies and/or some training in place, so why are these measures often not effective? Companies recognize the continual escalation of security and data breaches, but why do employees continue to violate company policies? Here’s our list of the top three reasons:
Maybe this seems extreme; because of course companies do have some form of security policies in place. In fact, according to a recent study, “three out of four companies surveyed have security policies. However, 40 percent of employees in the surveyed companies did not know that these security policies existed – and a surprising 20 percent of IT professionals were unaware of an existing security policy.” So, the problem isn’t the lack of the policies. The problem is that they’re often not communicated. Let’s be clear. We don’t mean communicated via new employee onboarding or annual emails. We’re talking about policies that are proactively managed, properly enforced and frequent awareness training that’s engaging and interactive.
All too often, it’s about employees not understanding the risks and implications. It’s not top of mind and they certainly don’t see IT security as their problem. Many users believe it’s the job of IT to create, implement, and enforce security policies. In fact, the above study noted that “many IT professionals (41 percent) believe that employees are willing to engage in these risky behaviors because they think that IT will solve any problems that arise as a result, or that no one will know.
Surprisingly, there are many employees who believe that existing policies and processes inhibit their ability to do their jobs. For example, consider the number of employees using SaaS applications that have not been approved by the IT department or obtained through IT processes (called “Shadow IT”). For these employees, their perception is that it’s faster and easier to avoid security policies altogether. And because companies shouldn’t inhibit their employees’ productivity, organizations need to incorporate solutions that are employee-friendly, while still protecting the company.
At Security Mentor, we think that with the appropriate awareness training – one that engages and educates employees on the value of security – organizations can enlist the assistance of their employees to mitigate risks. Information security is everyone’s problem. Get everyone involved! Help them understand why it’s important and give them direction for change.
We trust in the power of Security Awareness Training and have seen how successful it can be for a wide variety of customers. If you’re interested in learning more, please reach out, we are more than happy to provide you with any and all the information you desire!
Author: Daniel Eickhoff, Director of Global Channel Sales at Security Mentor, Inc.
About Security Mentor: Even if an organization has all the technology boxes checked to maximize cyber security, the behavior of their employees still leaves them exposed and vulnerable to attacks. In fact, in the majority of security breaches, the human factor was the weakest link in the defense system.
Security Mentor is the industry-leading Security Awareness Training provider, offering the most effective security awareness training solution in the market. Our interactive and highly engaging lessons teach critical security skills in an easy-to-understand, fun format that drives real behavior change. www.securitymentor.com
This is a guest blog written by one of our technical partners. If you’re interested in writing a guest blog please contact Mackenzie at Secure Sense; firstname.lastname@example.org