New Report Reveals IT Professionals Violate Their Own Security Policies

by Stephanie Faris on Monday, February 29 6:00

Information systems workers expertly manage a business s technology, often setting rules designed to keep the network safe. Yet how responsible are those workers? As they set and enforce policies on video streaming, unauthorized downloads, and strong password requirements, they all too often are bypassing those rules on their own devices.

With security breaches impacting so many businesses in recent years, however, it s important that companies understand the risks such careless behavior brings. IT departments should be aware of these risks, as well, since they could eventually lead to an issue that exposes them. If a major system infiltration can be tracked back to a negligent IT worker, that worker may be without a job and IT management could be forced to answer for it.

About the Report

Absolute Software Corporation put together the report, titled IT Confidential: The State of Security Confidence. The report emphasized the importance of security to the vast majority of IT teams, yet only 37 percent of IT budgets are allocated toward security. The goal of Absolute s research was to gauge attitudes, behavior, and confidence levels specific to IT security in organizations.

In this year s study, as well as a similar study last year, Absolute found that attitudes about security varied with age. Both years, respondents between the ages of 18 and 44, labeled the younger generation, were found to be more cavalier than older generations about security within their organizations. Those younger generations were 41 percent more likely to hack their own organizations, making them a potential security risk to their employers.

Who s Responsible?

Absolute determined an interesting trend among the responses to the survey. Across most responding organizations, respondents made it clear that they believed IT was solely responsible for IT security. This puts increasing pressure on IT leaders, who state that they feel they take the brunt of this responsibility. If a breach occurs, often these leaders are the ones who will be forced to answer to their procedures. According to the study, these managers must not only monitor what end users are doing, but they also face dangers from their own IT teams.

The research found that younger workers are more likely to hold the opinion that the organization as a whole is responsible for a data breach. They also are more likely to feel as though the organization is taking all necessary precautions to avoid one. The combination of these two attitudes could be the very reason younger IT workers aren t as concerned about IT security. Unfortunately, this attitude can lead to irresponsible behaviors, such as not following proper protocols and deliberately circumventing established procedures. All of this negligence falls on supervisors, who will be forced to take responsibility for not hiring and/or supervising employees adequately.

IT leaders should put strict policies in place and make sure workers of all ages are fully informed on the dangers their organizations face. Education can make a big difference in the attitudes held by a business s IT teams. Only by carefully screening new hires and monitoring server activity can IT managers make sure they re fully aware of the work their IT teams do each day.