Your IT staff has worked hard to develop a cybersecurity plan that effectively protects your networks and data and reduces the likelihood of a security breach. Yet incidents keep occurring, and it seems like every day, you’re hearing of yet another instance of an employee breaking the rules.
And you aren’t alone. Most data breaches are the result of employee behavior and mistakes, often related to skirting the rules — or blatantly ignoring them. And if you’re like many employers, you are probably wondering why the rules are always being broken. Well, the answers might surprise you.
Reason #1: They Honestly Don’t Know
They say that ignorance is bliss, but not when it comes to cybersecurity. If you have a security policy, has it been clearly communicated? Or is it just a page in the employee handbook that’s skimmed over during orientation? Remember, not all of your employees are security experts or well versed in cybersecurity. There’s a good chance that some of them honestly don’t know that what they are doing is against policy or even dangerous. You need to provide ongoing, specific, and clear training, along with regular updates, to keep everyone on the same page.
Reason #2: The Rules Affect Productivity
Joe is under the gun to finish a project, but he needs to get home to watch his son’s baseball game. So he emails some files to himself so he can work after the kids go to bed — even though he knows that his personal email address isn’t secure like his work email. Joe’s story is common. Often, employees will use web-based tools like file sharing and email to save and send work so they can stay productive outside of the office, even if it’s prohibited.
They might do this because there is no other option, or because the approved system is too cumbersome. The bottom line, though, is that they are breaking the rules, and it’s important for the security team to work with employees to develop solutions that meet their productivity needs and ensure security.
Reason #3: The Rules Are Cumbersome
Employees get frustrated when it is too difficult to access applications, files, and networks, so they find ways to work around security measures. That might mean writing that impossible-to-remember password on a note to stick on the screen, or staying logged in through their lunch hour to avoid having to do the login process again. While you shouldn’t relax your standards because someone doesn’t like entering a 10-digit password, you should work with teams to create seamless, easy-to-use protocols. Password managers and multi-factor authentication tokens, for example, can take some of the hassles out of access while still keeping everything safe.
Reason #4: There Aren’t Any Consequences
If someone breaks a rule and doesn’t get in trouble, what’s to stop them from doing it again? Employees ignore rules that aren’t enforced, so if you want to protect your network, you must be alert to violations and address them.
Reason #5: They Are Trying to Sabotage the Company
It’s sad but true: Some people simply want to hurt the company, so they will do anything they can to skirt the rules and cause problems. Continuous monitoring, firewall protection, strong authentication protocols, and antivirus software can go a long way toward protecting the network, but when someone is determined, they could be difficult to stop. It’s important to learn the signs of sabotage and act quickly to mitigate the damage.
Almost no one likes to follow rules, but if you are going to keep your company’s data safe, you must have a clear policy and zero tolerance for violations. Understanding why employees break the rules is the first step to making policies that are fair and creating a plan that works for everyone. Pay attention and listen — the truth behind broken rules might not be what you think.