Most IT staffers ignore security policies
July 10, 2009 by Sam Narisi
Posted in: Communication, In this week's e-newsletter, Information security, Latest News & Views
It’s not news that many employees are ignoring IT security policies. But who’s doing it might surprise you.
That’s right, it’s the IT employees themselves, according to a recent Ponemon survey.
For example, 69% of staffers admitted to copying confidential company data onto portable USB drives, even though 87% said their employer has a policy against it, according to the survey of 967 IT pros.
More than half download personal software to their work computers, which greatly increases the risk of bringing viruses onto the company network. Other unsafe behaviors the IT pros admitted to include:
- downloading info to unsecured smartphones and other devices (61%)
- sharing passwords (47%), and
- misplacing portable drives and not reporting the loss (43%).
All in all, 57% of those surveyed described their companies’ IT policies as “ineffective.” About half said those policies are largely ignored by management and employees throughout the company.
The main problem: a lack of training. More than half (58%) of respondents said their employer doesn’t provide adequate training on how to comply with the rules.

July 15th, 2009 at 11:32 am
Lack of training? Sounds like a cop out to me. How much “training” does it take to “learn” not to copy confidential company data onto portable USB drives?
July 21st, 2009 at 11:54 am
My company (I know we aren’t the only one) gives everyone an employee handbook, and it includes the rules regarding appropriate use of technology. We all bend those rules a little, but to say I didn’t know them after I signed for receipt of the book would be just as stupid as downloading confidential company data to a portable.
July 24th, 2009 at 11:02 am
Interesting that the workers violate company policy, or don’t think what they do is a problem, then 1/2 say policies are ineffective (at least they are honest). Guess companies need to appoint baby sitters to watch the IT staff, and spank them or give them a time out when they violate policy.