Most tech staffers ignore security policies
August 3, 2009 by Sam NarisiPosted in: HR Tech, In this week's e-newsletter - Tech
It’s not news that many employees are ignoring security policies. But who’s doing it might surprise you.
That’s right, it’s the IT employees themselves, according to a recent Ponemon survey.
For example, 69% of staffers admitted to copying confidential company data onto portable USB drives, even though 87% said their employer has a policy against it, according to the survey of 967 IT pros.
More than half download personal software to their work computers, which greatly increases the risk of bringing viruses onto the company network. Other unsafe behaviors the IT pros admitted to includes:
- downloading info to unsecured smartphones and other devices (61%)
- sharing passwords (47%), and
- misplacing portable drives and not reporting the loss (43%).
All in all, 57% of those surveyed described their companies’ IT policies as “ineffective.”About said those policies are largely ignored by management and employees throughout the company.
The main problem: a lack of training. More than half (58%) of respondents said their employer doesn’t provide adequate training on how to comply with the rules.
Tags: data theft, IT policies, security
August 4th, 2009 at 4:19 pm
Lack of training?!!! How much training does it take to understand not to copy CONFIDENTIAL data onto a USB drive or not to download info. Sounds like an excuse that the 58% of respondents do not want to take responsibility for their own actions.
August 12th, 2009 at 11:04 am
I don’t buy the lack of training statement. I have about 58% of staff who say that they were never trained on something yet we have a form, signed by them, stating that they were trained and were given the chance to ask quesitons, etc.