Employees circumvent IT security controls ‘to get job done’

Staff are contravening IT security policies in order to get their work done, according to a report.


Staff are contravening IT security policies in order to get their work done, according to a report.

Over half, 53 percent, feel the need to work around their company’s security policies, according to RSA Insider Threat report, which surveyed 417 individuals. This comes despite the news that 94 percent of them say they understand the rules.

The report also highlighted a worrying lackadaisical attitude towards IT security. One in 10 of the survey respondents said they had lost a laptop, smartphone or USB flash drive containing business information.

This was particularly concerning because a large number of employees are accustomed to carrying around sensitive data on mobile devices. Some 79 percent said they frequently or sometimes leave their workplace carrying a mobile device containing sensitive information related to their jobs.

Additionally, 64 percent of employees send work documents to their personal email addresses in order to work from home.

The survey also highlighted problems with the way policies are applied to individuals. Some 43 percent of those who had switched jobs internally still had access to resources and data they no longer needed.

RSA said it was vital that security policies were strong yet also reflected the realities that employees faced trying to do their jobs. Tom Corn, VP data security at RSA, said that “with the sheer portability of information that we have today, it is essential that that data is governed not by the whims and day-to-day actions of your employees, but rather by pre-determined policy and subsequent controls."

"In this way, organisations can prevent sensitive information from being written to a USB flash drive in the first place - or at least mandate that it is encrypted," he said.

Other security news:

MoD: Up to 1.7m people's details lost

Deloitte laptop theft hit BSkyB, Network Rail and Transport Police

Over half of UK firms have lost data

Find your next job with computerworld UK jobs

"Recommended For You"

Medical practice in Wales loses unsecured USB drive with data on 8,000 people Lost USB stick earns Rochdale Council ICO rebuke