Are Your Employees Following Security Policies?

22 06 2010

In the Ponemon Institute’s study, “Trends in Insider Compliance with Data Security Policies,” a majority of respondents admit to serious non-compliant workplace behaviors that place their companies at risk. Such behaviors include the insecure use of USB memory sticks, Web-based email, social media, mobile devices and more. What’s more, the problem seems to be getting worse. The report sites lost or missing USB memory sticks and other portable data-bearing devices that often not reported to the company or are reported when it is too late.

Two key findings?

  • Employee attitudes about their employees affect the level of compliant vs. non-compliant behavior.
  • Employees do not believe their organizations provide ample training or adequate policies to inform them about data protection and security practices.

So, how does your company stack up against the percentages? 61 percent of end users transfer confidential data onto a USB stick and 71 percent says that others do it. What if there was a way to easily transfer sensitive, proprietary and confidential company and client information without using the number 1 cause of lost data? A secure, ad hoc Managed File Transfer solution can let your employees send up to 2GB of confidential information of files without even leaving their email client. No training, no ramp-up time and the ability to track messages and files. Sound too good to be true? Learn more.




One response

22 06 2010
Mister Reiner

Security polices are required in any organization, but they are completely worthless without any form of auditing. This is what organizations need to do:

1. Develop polices.

2. Conduct training so that users can learn about and understand the policies.

3. Have employees sign a policy acknowledge form, which states that they understand the policies and have been given an opportunity to ask questions about things that are unclear.

4. Establish a grace/amnesty period for making good on all policy violations and let people know they can ask for help if they need it. Delete data where it doesn’t belong, stop the leakage and unauthorized transfer of confidential and proprietary information, and confiscate devices that should not be in used.

5. Be proactive! Ask users if they are complaint with the policy and if they need any assistance. Do spot audits where you think or know you’ve been having problems.

6. Announce when the grace/amnesty period is over.

7. Do a comprehensive audit of anything and everything, and reprimand or terminate those that are not complaint with the policy. This may seem harsh, but if you don’t take security seriously, neither will your employees.

8. Repeat number 7 in 60-days. If you find any issues, go back to step 2 for EVERYONE. Group punishment works wonders!

There is a lot more that can be done besides the items mentioned above. There are software solutions that can help as well.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: