The headline finding of Dell’s End-User Security Survey, released last week, is that 72 percent of employees said they were willing to violate data security protocols and share confidential company information under certain circumstances, such as if a manager asked them to or if it would help them do their jobs more easily. Computerworld editor Matt Hamblen takes a closer look at the findings, which illustrate the fine line employees often walk between maximizing their productivity and safeguarding sensitive data:
Creating a security culture at a company can be complicated. The survey found that 65% of employees recognize their responsibility to protect confidential information, but many said security programs limit their productivity. Of those who received cybersecurity training at work, 24% admitted they went ahead and used unsafe behaviors anyway in order to complete a task. …
The survey found that unsafe behaviors for accessing, sharing and storing data are common in the workplace. Forty-six percent of employees admitted to connecting to public Wi-Fi to access confidential information, while 49% admitted to using a personal email account for work tasks. The survey found 35% said it was common to take corporate information with them when leaving a company.
One of the many interesting things we’ve found in our ongoing research into the development of organizational cultures is that employees often don’t engage in behaviors because there are underlying tradeoffs they must make in order to do so. In recognition of this, one company we’ve spoken to explicitly lays out the “dualities” associated with a desired behavior (in this case, efficiency vs. data security).
Dell recommends that employers respond to this challenge by improving enforcement of cybersecurity policies and providing more education for their staff, but this training should not focus solely on how and why to protect data; instead, organizations should provide employees guidance to actively manage the actual tradeoffs they need to make in their daily workflow and reinforce that guidance using talent processes.
For example, if an employee needs to access information but lacks a means to get on a secure network, then they are going to use public WiFi, creating a security risk. Instead of blaming these employees for taking shortcuts, organizations need to identify the barriers that are preventing employees from following these policies efficiently, to more effectively manage these tradeoffs.