Cisco Blogs

Bridging the Divide Between IT and Employees

October 28, 2008 - 0 Comments

Last month I wrote about a study that we commissioned, which examined data loss in relation to employees worldwide. We’ve been sharing our findings in chapters, via IPTV, and today we’ll discuss chapter two.In this latest installment, we’re focusing on the effectiveness of corporate security policies and employees’ rationale when breaking them. It’s pretty interesting stuff when you look beneath the surface. One issue seems to be dueling perceptions between IT and employees. For instance, while 80 percent of IT professionals say they have a corporate security policy in place, only 50 percent of employees know about it.But even when there is employee awareness of security policy, sometimes it’s not enough to prevent risky behavior. When our research asked respondents why they violate corporate security policies, one in 10 employees blamed such behavior on the fact that they only have one computer for work and play or that they’re too busy to think about it. About 10 percent justify their behavior by saying other colleagues do it.So why is this such a concern? When employees disregard policy, they introduce potential avenues of data loss and an array of threats that can cause serious harm-to their companies and to themselves. Just last week the New York Times reported on the increase in botnets, which work to quickly take over computers. When that happens not only is corporate intellectual property at risk, but also the personal data of its employees. Enforcing corporate security policies and ensuring employees are aware of them makes good common sense. But as we’ll discuss in our IPTV broadcast today, if the policies don’t allow employees to get their jobs done, they’re simply not effective.What’s going in your organization? Are IT and employees on the same page when it comes to corporate security? Why do you think employees break policy? Do you agree with the findings? Send us your comments - and join the discussion on our broadcast this morning. To learn more about the study, see our press release, which went out on the wires this morning.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.