3 reasons why employees don't follow security rules

A recent survey finds employees continue to ignore security policies. (Surprise, surprise.) Here's a reminder about what often is missing in organizations that tempts workers to walk the wrong side of security law.

"Education can work when it is reinforced with the incentives to do the right things. And even punishment for the wrong things can be effective."

Ideas to get people motivated to follow the rules include offering everyone tickets to a group event -- or free lunch -- for a certain number for days without an infraction. Conversely, if someone on staff continues to ignore the rules, "it is time to sit that person down and say I'm going to have to reprimand you," said Kenney.

Rules get in the way of productivity

People have been working around security since the dawn of IT in order to get their jobs done, said Kenney. Early examples include printing out sensitive documents that IT has blocked from download or distribution over email.

"You can lock laptops down and keep people from putting in flash drives to save things. But you know what they will do? They will print them out and do what they need to do to be productive."

Staff often view IT and security policy as a hindrance to productivity. And it many ways, it is, said Kenney. In his opinion, the riskiest behavior employees engage in lately is the aformentioned use of free Web-based services like Yahoo, Hotmail or gmail to send company documents.

A recent report from Aberdeen found demand for secure/managed file transfer products is growing in several industries because of the need to share large files safely.

"When employees use Web e-mail as a work around, companies don't know what kind of intelligence property is ending up in the cloud. They need the tools in order to transfer files safely."

Show Comments