Some 67% of IT security decision-makers believe the employees in their organisations regularly circumvent internal IT security policies, exposing them to significant cyber security risks, a survey says.
Databarracks’ Data Health Check 2019 poll found, however, that employees who flout security policies are not deliberately intent on introducing threats to the business. More likely, they either do not know the possible consequences of their actions or feel ‘too restricted’ by the cyber security policies that are in place.
“Lines of communication between the IT department and the rest of the business need to improve: for a workforce to feel like they are part of the solution, they need to be aware of the ongoing battle IT face,” says Databarracks Managing Director Peter Groucutt. “Too often, IT security teams handle incidents in the background with only key senior individuals being informed – but if threats are not communicated internally to all employees, they will not know how to change their behaviour in the future.”
Groucutt adds: “The IT security function has a responsibility to educate the entire business on why an incident took place, what the implications were, and most importantly, what can be done to prevent this from happening again.”