Survey Reveals Why Employees Violate Cybersecurity Policies
Stress, not malice, is implicated in the majority of violations…
An article review.
Following a surge of high profile attacks in 2020, businesses have been increasing their investment into cybersecurity. However, many organizations are learning that investing in new systems may help, but one of the largest threats they still face comes from their own employees.
In light of this threat, the Harvard Business Review surveyed over 300 remote employees about how cybersecurity policies impacted their work, and why they sometimes chose to violate those policies. The survey found that in the vast majority of cases where an employee reported violating policy, they did so out of a desire to get their work done more efficiently.
While there is no way to completely eliminate the threats posed by employees, the authors of the study suggest IT staff get employee feedback on security policies. By seeking out alternatives where employee workflow is impacted the most, organizations can cut down dramatically on the temptation to break the rules. The authors say where changes to policy aren’t possible, the proper procedures to follow and why they are important should be communicated clearly.
Original article by Clay Posey and Mindy Shoss writing for the Harvard Business Review.