Next Data Breach Could Mean Your IT Job

Today’s article by Larry Greenemeier posted on “The best time to review, improve, and communicate security policies is before potential problems surface”. Usually, “an employee or contractor makes an arbitrary decision to violate security policies so as to make his job easier”, and policies aren’t enforced in a company as long as the work gets done and nothing bad happens.

What’s particularly alarming is that the desire for security compliance doesn’t sync with the effort businesses put toward training and education, both within the IT department and throughout the workforce. Monitoring user compliance ranked as the No. 1 security priority in a survey of 966 U.S. companies polled by InformationWeek Research and Accenture. Security policies typically define who has access to data, how it can be used, where customer data can and can’t be stored, any potential legislation the company is subject to if the data is breached, and whether data must be encrypted.

However, more than half of U.S. companies surveyed say security technology and policy training would have no impact on alleviating employee-based breaches, a sentiment shared by more than half of the companies surveyed in Europe and China as part of the InformationWeek 2006 Global Security Survey. In fact, most companies surveyed worldwide admit they don’t train their employees on information security policies and procedures on a regular basis, preferring instead to deliver ad hoc training.

“Given the increase in the number of data breaches, businesses can’t allow security polices to become hampered by ambivalence and red tape. Next time, it could be your job on the line.”

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

Comments are closed.