ITC Security Threat of the Week – Week 15: Do IT Professionals Trust their own Security?
A damming report by Lieberman has found many problems with the way IT employees view their own security measures. This is especially worrying as the rates of malware and viruses has never been higher and security is more important now than ever before.
One of the most damaging statistics was that nearly three quarters of respondent’s wouldn’t bet $100 that their business wouldn’t have a data breach within the next six months. Many companies are constantly reassuring customers that their managed security systems are better than ever but evidently this may not be the case. Another puzzling result was that over 80% of those asked believed that staff ignore the rules put in place by IT departments. By ignoring protocol and guidelines, employees run the risk of losing their data to hackers which is very bad news for customers.
There also seems be further issues with rule breaking, according the survey. 38.3% of respondents have witnessed a colleague accessing information that they shouldn’t and over half of these did not report this information. We are often so obsessed with protecting data from external entities that we have overlooked this problem of internal protection. This is important as customers expect privacy and will often go with companies who treat their data with the most respect.
Lieberman also found a basic lack of general security within some of its sample. Nearly a third of respondents said that they work for a company that doesn’t have a policy for password changes when upgrading or installing new hard/software. Password protection is usually the first line of defence when trying to fend off hacking and malware and so should be given the upmost priority. Users themselves are often urged to change their passwords often so the fact that companies are not following this advice is alarming.
Those worried about these issues, both externally and internally sourced should consider contacting ITC Secure Networking who can help in the architecture, execution and management of an effective and sophisticated security infrastructure.