Your firm may not be the victim of a cyber-attack, but you definitely have employees who are breaking IT policies every day and putting your company’s info at risk.
Here are the biggest three reasons folks flout tech-security policies:
- They don’t know the rules. No doubt your IT people have a security in place and have publicized it. But many policies have their fair share of gray areas, and that’s where you can get in trouble. For example, a worker has a large file to transmit, and your company e-mail keeps getting hung up because of the size of the file. G-Mail’s forbidden by your company policy, but if that’s the only way to get the file to the customer, is it OK? That needs to be clarified.
- They know the rules, but no one’s enforcing them. If employees know there are no consequences for bending or even breaking the rules, there’s little motivation to play by them. Yes, your IT policy should have some teeth. But you want people to understand that if they access work files from a public computer, say, at a conference, they’re putting your financial data at risk.
- The rules get in the way of productivity. Weren’t computers supposed to make folks more productive? But when IT blocks downloading or distribution via e-mail, you can bet employees will find a way to work around that. Bottom line: IT must be sure people have the tools they need to do their jobs — securely.
Source: “3 Reasons Why employees Don’t Follow Security Rules,” by Joan Goodchild. (www.csoonline.com)