Ponemon Institute Reveals Employees Bypass Security

"Trends in Insider Compliance with Data Security Policies" may seem like a jargon-filled mouthful for a research paper, but the follow-up of "Employees Evade and Ignore Security Policies" reads quite loudly and clearly.

It may seem like common knowledge to office staff everywhere, but this is the first time an actual, verifiable study, conducted by the Ponemon Institute, has proved what everyone else innately knew: there's a widespread lack of enforcement and awareness of security procedures and policies in corporations today.

The vast majority of survey volunteers confessed to engaging in critical, non-compliant behavior within their workplace that could have led to hacker attacks and malware invasions. Such bad habits include use of web-based e-mail, unprotected use of USB devices, turning off security settings, sharing passwords, and many other alarming activities.

The study reveals that a whopping 69% of the respondents admit to copying sensitive or confidential business data onto their USB memory sticks, while only 13% of the employees said that their organizations have policies that allow such foolish practices, which leaves a 48% non-compliance rate overall. Moreover, 61% of the volunteers disclosed that they transfer confidential company information to other computers that aren't part of their businesses' networks.

About half of the study's participants declared that they regularly download non-business-related Internet programs from their servers onto company machines, which considerably increases the possibility of infecting whole systems with hacker-brewed security exploits, trojans, viruses, worms, and other related malware.

Also, around 58% of the respondents claim that their respective companies don't offer adequate training concerning security policies and Internet safety regulations, and nearly the same percentage of employees surmised that their data security policies are mostly useless and unsuccessful.

Furthermore, nearly 50% of the survey volunteers confessed that their business data security procedures and policies are mostly discarded by their fellow workers and even the management department itself, and sometimes their stiff and strict guidelines seem far too intricate and difficult to comprehend.

According to Dr. Larry Ponemon, the founder and chairman of the Ponemon Institute, policies and their enforcement have not been coping with the rising number of security threats from the World Wide Web as mobile device technologies become more and more commonplace in the office.

Employees nowadays are being forced to make use of the new technology without fully understanding the responsibilities and risks associated with such an innovation.