The Agency Insider with Linda McGlasson

Who's Breaking the Rules on Your Staff?

Who's Breaking the Rules on Your Staff?

A new poll shows that more than one in 10 U.S. employees says they've known they were violating policies put in place by their company's IT departments, but violated them anyway to get their work done.

The Harris poll, conducted for a mobile asset company, showed that of the 1,347 employed respondents over the age of 18, 12 percent admitted to breaking policy. While the poll was directed at mobile and remote computer use, the findings hold true across the makeup of every organization.

Many information security practitioners know that there are "policy-compliance-rules-weren't-written-for-me" types in their organizations. And if one of those policy-breakers isn't on your senior management list, I will guess you haven't looked very hard.

Why is it so important to stop these scofflaws? Because stop a policy-breaker and you may stop a data breach. Among the most feared threats at any institution are the trusted insiders, as any information security pro knows. These are the employees who have access, as well as the ability to wreak havoc if they turn to the dark side, or even if they make an inadvertent mistake.

Technology plays a part in detecting policy-breakers and evaders. The need for compliance tools to make sure employees are following the rules is clear. Because without them, organizations face breaches, the possible loss of data - either intently or inadvertently, which of course leads to having your name splashed across the news headlines.

How to stop these policy-evaders? Educate and preach compliance to your employees. I don't just mean handing them an information security folder and doing the speech about how important security is, or the annual information security meeting that no one, especially policy-breakers, wants to sit through.

Ever consider putting security compliance as part of everyone's job description and tying it to their job performance? I know it may take a bit of convincing at the board level that this could work, but it would go much further to tell workers that it is part of their job to follow the rules. It's even part of the CEO's job too.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.