Saturday, 11 January 2014 12:34

Worst offenders in IT security are senior managers


Over October and November 2013 KRC Research surveyed information workers in the United States about their information security attitudes and practices. The resulting report by Stroz Friedberg reveals a privilege of rank – the worst offenders in IT security are senior managers.

Businesses worldwide must be conscious of information security threats. Stroz Friedberg commissioned a study into businesses in the United States which paints a rather bleak picture: those who have the highest access to valuable company information are the very people more likely to engage in risky behaviours.

This news may not come as a surprise to those who actually run the very information systems powering enterprises. I have dealt with managing directors who insist on using their ten-year-old five-letter lower-case password everywhere because it is easier for them, never mind that they had divulged this password to countless personal assistants and even IT folk. I have dealt with companies planning to implement tight web filtering where the executive team ensured they were exempt from the same rules that applied to the rank and file – so they could continue using their own personal webmail to send ‘confidential’ documents.

A positive result of the survey is that workers who did not participate in high-risk behaviours attributed this to strict company policy. Yet, at the same time, it was senior managers within businesses who conceded to flouting the policies – the very people with high levels of access to valuable company information.

According to Stroz Friedberg, an incredible 87% of senior managers admitted to uploading work files to their personal e-mail and cloud accounts. Of these, 37% state it is because they prefer to use their personal computer, and 14% say it is too much work to bring their work laptop home.

58% of senior managers admitted to having previously accidentally emailed sensitive information to the wrong person, compared to 25% of workers overall. 51% of senior managers admitted to taking files with them after leaving a job, again compared to 25% of office workers in general.

What is the solution? I have dealt with companies who intended to implement strict USB and removable media controls, again with the senior managers fighting to ensure they were exempted. In these cases I have told them there is simply no point then. Who is most likely to take company secrets with them to their next job? The receptionist? Or the head of sales? If measures to protect against information leakage don’t apply to everyone then they are purposeless.

According to Stroz Friedberg education is lacking. Only 11% of workers who do not send work files through personal accounts are actually aware of the company policies against doing so – the other 89% don’t do it, but not because they know the policy.

37% of office workers stated they received mobile device security training, and 42% stated they received information sharing training. In other words, more than half of office workers in the United States have not been given any training in how to protect company information. This is something which will be more significant if the rumoured “bring your own device (BYOD) proliferation” is to take place.

Given the above results of the research, it is perhaps unsurprising then that 73% of all office workers also indicated they were concerned a hacker could steal personal information from their company’s information systems.

Who is to blame? 45% of senior leaders said they were responsible for protecting companies against cyber attack – meaning 55% did not believe the buck stopped with them. Fortunately for business leaders 54% of non-senior workers believe security is IT’s problem.

It is a grim and depressing reality. Over the last 10 or so years industrial environments have worked hard to push the message that personal workplace health and safety is everyone’s responsibility, and that rank-and-file workers cannot simply have the attitude that other people will keep them safe. Unfortunately, this same message has not been extended to information safety and security.


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.
