Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Saturday, 11 January 2014 12:34

Worst offenders in IT security are senior managers

By

Over October and November 2013 KRC Research surveyed information workers in the United States with regards information security attitudes and practices. The resulting report by Stroz Friedberg reveals a privilege of rank – the worst offenders in IT security are senior managers.

Businesses worldwide must be conscious of information security threats. Stroz Friedberg commissioned a study into businesses in the United States which provides a rather bleak reality, namely those who have the highest access to valuable company information are the very people more likely to engage in risky behaviours.

This news may not come as a surprise to those who actually run the very information systems powering enterprises. I have dealt with managing directors who insist on using their ten-year old five-letter lower-case password everywhere because it is easier for them, never mind they had divulged this password to countless personal assistants and even IT folk. I have dealt with companies planning to implement tight web filtering where the executive team ensured they were exempt from the same rules that applied to the rank and file – so they could continue using their own personal webmail to send ‘confidential’ documents.

A positive result of the survey is workers who did not participate in high-risk behaviours attributed this to strict company policy. Yet, at the same time, it was senior managers within businesses who conceded to flaunting the policies – the very people with high levels of access to valuable company information.

According to Stroz Friedberg, an incredible 87% of senior managers admitted to uploading work files to their personal e-mail and cloud accounts. Of these, 37% state it is because they prefer to use their personal computer, and 14% say it is too much work to bring their work laptop home.

58% of senior managers admitted to having previously accidently emailed sensitive information to the wrong person, compared to 25% of workers overall. 51% of senior managers admitted to taking files with them after leaving a job, again compared to 25% of office workers in general.

What is the solution? I have dealt with companies who intended to implement strict USB and removable media controls, again with the senior managers fighting to ensure they were exempted. In these cases I have told them there is simply no point then. Who is most likely to take company secrets with them to their next job? The receptionist? Or the head of sales? If measures to protect against information leakage don’t apply to everyone then they are purposeless.

According to Stroz Friedberg education is lacking. Only 11% of workers who do not send work files through personal accounts are actually aware of the company policies against doing so – the other 89% don’t do it, but not because they know the policy.

37% of office workers stated they received mobile device security training, and 42% stated they received information sharing training. In other words, more than half of office workers in the United States have not been given any training in how to protect company information. This is something which will be more significant if the rumours of “bring your own device (BYOD) proliferation” is to take place.

Given the above results of the research, it is perhaps unsurprising then that 73% of all office workers also indicated they were concerned a hacker could steal personal information from their company’s information systems.

Who is to blame? 45% of senior leaders said they were responsible for protecting companies against cyber attack – meaning 55% did not believe the buck stopped with them. Fortunately for business leaders 54% of non-senior workers believe security is IT’s problem.

It is a grim and depressing reality. Over the last 10 or so years industrial environments have worked hard to push the message that personal workplace health and safety is everyone’s responsibility, and that rank-and-file workers cannot simply have the attitude that other people will keep them safe. Unfortunately, this same message has not been extended to information safety and security.


Subscribe to ITWIRE UPDATE Newsletter here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments