Four in Five IT Managers Believe Employees Deliberately Disobey Security Policies

A study conducted by privileged identity management company Lieberman Software reveals that about 80 percent of corporate IT managers believe their company’s employees deliberately ignore security best practices at work.

The survey, based on the opinions of about 250 security professionals in the corporate sector, also shows that more than half of the same end-users would not care much even if these security policies came directly from the company’s CEO.

“These figures highlight the fact that most end-users are still not taking IT security seriously and are unnecessarily putting corporate data – and potentially customer information – at risk,” said CEO Philip Lieberman, as quoted in the press release.

It’s no wonder that corporate employees try to circumvent security protocols in the workplace, especially as corporate IT environments are highly restrictive: most companies block access to social networking sites, instant messaging or other forms of communication that are unnecessary to the job.

Although corporate employees are the primary offenders in these cases, part of the responsibility resides with the IT departments themselves. Most company employees do not receive proper IT security orientation courses and are unaware of the dangers of circumventing these policies.

Bottom line: If you don’t want your employees to ignore security policies, don’t rely on good faith and trust, but rather enforce them. If you want your employees to avoid using removable media on company computers, why not disable removable media on those machines?

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

1 Comment

  • I am currently writing a book on International Politics (Globalization and Democracy, What are the dangers?) and one critical issue in the book is Cyber Security. I bring it down to basics by arguing that Cyber Security begins at the level of the Manual for Internal Methods and Procedures, that every organization must have. For example, one policy must define locations and functions where a staff member found in violation, will automatically and summarily lead to dismissal by due cause, which everyone knows forfeits unemployment benefits. Any policy must go hand in hand with upgrading physical security, proper training and technical know-how. We should leave up to the IT experts, the vigilance about evolving technologies. But, best practices in management have to be supportive of the work done by the high tech personnel.

    In developing countries, even the armed forces and security agencies are behind in terms of the non-technical aspects of Cyber Security. A most senior naval officer told me during a workshop I offered in a South American country, “What devices or programs can you leave with us to keep us protected?” After 4 days of intensive discussion, he had totally missed the point about properly managing people as a primary and most basic weapon against intrusion, leaks and sabotage.