Employees Ignore Security Rules

Monday, April 1, 2013 @ 04:04 PM gHale

If a company has a security program in place, it only makes sense to follow it, right? Security professionals think so, however more than 80 percent of them feel corporate employees deliberately ignore the IT-sanctioned rules, a new survey showed.

The survey, conducted by Lieberman Software, looked at the attitudes of nearly 250 IT security professionals. It also found more than half of those who think that workers deliberately ignore IT security directives do not believe end-users would listen more even if these mandates came from executive management.

Sandia’s Cyber Lab Opens
Lockheed: Attacks Up ‘Dramatically’
Agencies Join in Security Plan
Ensuring Software Security Policies

These findings are despite the fact more IT security professionals and vendors are insisting in order to improve IT security within organizations, strategic guidance must come from the board level.

“These figures highlight the fact that most end-users are still not taking IT security seriously and are unnecessarily putting corporate data – and potentially customer information – at risk,” said Philip Lieberman, chief executive of Lieberman Software. “And these behaviors are continuing even after it has been proven that human error is the leading cause of data breaches. Organizations need to implement better cyber security training that properly instructs staff about the consequences of data breaches.

“IT groups must also look beyond conventional security products and invest in technology like privileged identity management (PIM),” Lieberman said. “PIM products ensure that powerful privileged accounts found throughout the enterprise in large organizations are available only to authorized IT personnel with limited-time, audited access. This ensures that end-users are not able to accidentally or maliciously change configuration settings, access systems with sensitive data, or perform other actions that are not required of their jobs.”

Leave a Reply

You must be logged in to post a comment.