Organisations’ efforts to safeguard their businesses from cyber attacks have been weakened by its own employees as about nine of 10 employees intentionally breach their employer’s data policies, according to a new report.
The report from the CEB revealed that despite the availability of several new security products to adapt corporate IT security measures to such trends, the loss of a company device including a mobile phone or tablet has been the biggest threat.
The firm has also conducted a survey, which involved 165,000 employees, and reported that 93% of workers intentionally infringed policies developed to avoid data breaches, and senior executives are reported to be the worst offenders.
CEB senior research director Jeremy Bergsman was cited by FT as saying people outside traditional IT departments had a poor grasp of the risks involved, and that correct processes were often too complicated for employees to bother.
"In order to get employees to do the right thing you need to make it as easy as possible to do. These people are not malicious," Bergsman said.
"Most people are just trying to get their jobs done, that’s why they break policy."
About one-third of the surveyed staff also confessed to writing down important passwords where they can easily be stolen, such as on post-it notes, while other common errors included copying sensitive documents on to portable drives as well as sharing passwords with their colleagues.
The survey results come in the midst when IT departments have increased spending on securing precious data that include intellectual property and customer records.
Mobile trends including BYOD that allows employees to use their own phones, tablets and laptops for work is making it difficult to protect data as it passes further than the corporate firewall and into the employees’ pockets, the report revealed.
