A newly released Dell End-User Security Survey showed that even employees with information security education and training could engage in risky security practices. According to the survey, a good news is that 76% of employees feel their company prioritized security rather than productivity, and two out of three employees are trained, but 18% of them still engaged in unsafe security practices, and 24% of them did not care because they thought it is unavoidable for productivity. They also found that 72% of employees are willing to share confidential, sensitive, or regulated information with others under certain circumstances, and 35% think it’s common to see workers leaving with corporate information when they leave an organization. I think there are two problems, the first one is that balance of security and productivity. For productivity, employees would share data with each other or skip over some security steps to complete tasks more effectively. The second problem is that employee security training is not very effective so that employees still have bad security practices and habits. Organizations should realize that the security training must be continuous to create a security culture so that employees can always be aware that security has more priority than productivity.