Raising Security IQs in Employees

By: Absolute Team | 2/6/2015

In our Mobile Enterprise Risk Survey, we found that data security was being hampered by employees, who do not accurately value the corporate data on their devices, nor their role in protecting this data. The survey showed that 23% of the respondents believe that data security is “not their responsibility,” and that 59% of employees believe the corporate data on their phone is worth less than $500. These mistaken beliefs have made employees one of the biggest risks to data security.

Subsequent surveys and reports throughout the year have reenforced the idea that employee actions have the highest impact on the vulnerability of corporate data on mobile devices and that user negligence is one of the biggest threats to personal devices. It’s clear that educating and empowering employees is a central part of improving data security.

CSO Online’s David Geer looks at what happens when employees with “low security IQs” are promoted, with the fallout we see above, and just how organizations can go about improving security knowledge without creating an environment of fear and mistrust. For example, while accountability is key to data security, too much punitive action could lead to employees no longer reporting security incidents.

Suggested ways to raise security IQs include:

  • IT should be available, appreciative and responsive to security questions
  • Reward employees for asking questions or reporting concerns or their own mistakes
  • Make following security standards a part of everyone’s job descriptions
  • Leverage tools like DLP to not just block unwanted actions, but trigger security discussions
  • Be creative, possibly adopting simulations on things like phishing or using contests
  • Promote security champions within the organization
  • Create a two-way and ongoing discussion on best practices

These tips, and many more, are shared in the article.

At Absolute, we believe in the power of people, process and technology to curb security risks. We believe technology can support positive employee behavior. Absolute Service can help streamline IT responses and offer self-service options to employees, which can support both the IT team and its ability to create effective training programs. Absolute Manage can simplify BYOD and monitor device security, triggering security discussions, while Absolute Computrace can track devices and enforce compliance in the event of loss or theft, protecting data even when mistakes are made.

Financial Services