Published on BCS.org at http://www.bcs.org/server.php?show=conWebDoc.18403
31 March 2008
A significant proportion of employees claim that they have been forced to circumvent their company's information security measures in order to do their jobs effectively.
Research carried out by IT Governance found that 68 per cent of staff admitted bypassing such controls despite the fact that 96 per cent of the firms polled held some personal information about individuals.
Some 82 per cent of businesses were found to have policies and procedures in place for the protection of personal information. While 89 per cent of these relate to data access, just 56 per cent focus on identifying and reporting data loss.
"By imposing ill-considered procedures, many organisations leave people little option but to break the rules if they are to do their jobs," said Alan Calder from IT Governance.
"This not only leaves businesses vulnerable to data breaches and fines, but also does lasting damage to the way employees regard infosecurity."
A recent report from PricewaterhouseCoopers suggested that companies need to focus on staff behaviour when boosting information security. Partner Chris Potter said that "having a security policy alone does not magically improve security awareness among staff".