Poor employee habits risk business security

Posted on Nov 8 2016 - 3:39pm by Tayla Ansell
Nearly two thirds (61%) of IT decision makers believe their employees regularly circumvent company security policies, findings from Databarracks’ sixth Data Health Check report reveal. The recent Tesco Bank hack and scrutiny of Hillary Clinton’s use of a private server for email highlight that security is a concern for everyone and the behaviour of an individual can have far-reaching consequences for an organisation.

Careless employee behaviour, such as keeping written records of passwords, exposes businesses to risks

In the survey of over 350 UK IT decision makers, when asked how often they thought their employees flout security policies (such as taking company data offsite, fabricating or omitting information on sign-in sheets and keeping written records of passwords), 61% estimated it occurs at least once a month, with around a third (28%) saying it’s daily or more.

Over half (59%) have invested in safeguards in the past 12 months to protect against cyber threats like malware, viruses and phishing attacks. However, if employees are circumventing the security practices put in place, these investments could be in vain.

Oscar Arean, technical operations manager at Databarracks, suggests communicating cyber risks more clearly throughout the organisation and opening a conversation with employees to improve the plans in place: “Employees that flout security policies are unlikely to be purposely trying to threaten the business – they either don’t know the consequences of their actions or they feel too restricted by the policies that are in place.

Oscar Arean, technical operations manager at Databarracks

“Despite the rise in ransomware, there is a blind ignorance to security in the sense that people just don’t realise the consequences of the actions they take. Awareness training is used to address security concerns but is typically only done yearly or as part of the initial induction. In order for it to be effective, it needs to be carried out much more regularly.”

www.databarracks.com
