The problem . . . starts with the users!
Enterprise users — don’t like security
- Have little knowledge of security
- Value convenience over security
- Are often ignorant of reg. security rules/policies
- Feel they have a right to employee privacy
They do — unintelligent things
- Send emails with inappropriate and sensitive content
- Copy work-related information onto storage devices
- Bring their work (e.g., laptops) into unsafe environments
- Let outsiders (e.g., family members) use their work computers
But also . . . are generally willing to improve
- Are receptive to incentives and enforcement
- Obey corporate rules when enforced
- Would like to be informed before they are about to make mistakes
- Are concerned about job safety
. . . are your company’s main assets!
Types of employees that put your company at risk
- The security illiterate
  - Majority of employees with little or no knowledge of security
  - Corporate risk because of accidental breaches
- The gadget nerds
  - Introduce a variety of devices to their work PCs
  - Download software
- The unlawful residents
  - Use the company IT resources in ways they shouldn’t
    - e.g., by storing music or movies, or by playing games
- The malicious/disgruntled employees
  - Typically a minority of employees
  - Gain access to areas of the IT system to which they shouldn’t have access
  - Send corporate data (e.g., customer lists, R&D) to third parties