A newly released Dell End-User Security Survey showed that even employees with information security education and training could engage in risky security practices. According to the survey, a good news is that 76% of employees feel their company prioritized security rather than productivity, and two out of three employees are trained, but 18% of them still engaged in unsafe security practices, and 24% of them did not care because they thought it is unavoidable for productivity. They also found that 72% of employees are willing to share confidential, sensitive, or regulated information with others under certain circumstances, and 35% think it’s common to see workers leaving with corporate information when they leave an organization. I think there are two problems, the first one is that balance of security and productivity. For productivity, employees would share data with each other or skip over some security steps to complete tasks more effectively. The second problem is that employee security training is not very effective so that employees still have bad security practices and habits. Organizations should realize that the security training must be continuous to create a security culture so that employees can always be aware that security has more priority than productivity.
Link: http://www.darkreading.com/endpoint/users-overshare-sensitive-enterprise-data/d/d-id/1328689
Continuous training will inevitably affect productivity. Slowly but surely, these statistic numbers are improving. I’m almost certain things looked worse five to ten years ago. Also, let’s keep in mind that no security system is perfect and of course so are employees. There will be employees who demonstrate more concerns than others. Obviously, the work is no where near to be done, but may all parties involved continue to contribute to make things better.