Cisco, a leading security provider, recently conducted a two-part research study that assessed the effectiveness of IT security policies. This study, which analyzed the behavior and perceptions of 2,000 employees and IT professionals in 10 countries, found that employees engage in numerous risky behaviors at work, including the following:
In addition, Cisco’s research revealed some surprising findings about the effectiveness of corporate security policies. For example:
In the following video, Cisco CSO John Stewart explains why data leakage is such a serious issue and what companies can do about it.
For more information about Cisco’s study, go to Cisco's Data Loss Prevention website, where you can review all the study findings. To view Cisco’s entire video series about the study, see Part 1: “Data Leakage Mistakes Employees Make Globally” and Part 2: “Data Leakage and Corporate Policies: Are they Aligned?”
How Effective Are Your Security Policies?
Altering security settings to bypass corporate security policies and access unauthorized sites
Accessing unauthorized areas of networks and facilities
Sharing sensitive corporate data with non-employees
Sharing corporate devices with non-employees
Losing portable storage devices
Allowing others to "tailgate" behind them into corporate facilities
Leaving devices with passwords to personal financial accounts and corporate systems unattended and unlocked
One in four organizations don’t have any data protection or security policies in place.
A large gap exists between employees and IT personnel regarding security policy awareness: Between 20 percent and 30 percent more IT respondents than employees are aware of their company’s security policies.
A communication disconnect often exists because IT personnel tend to communicates policies in an indirect, non-verbal manner (e.g., email, voicemail, memo). This lack of direct, verbal engagement contributes to the gap in IT personnel/employee security policy awareness.
The main reason that employees don’t adhere to corporate security policies is a lack of alignment between those policies and the reality of doing their jobs.
One in five IT professionals has experienced a data leakage incident that involved the loss of customer data.
0 comments
Hide comments