Research: Why Employees Violate Cybersecurity Policies - Deepstash
Research: Why Employees Violate Cybersecurity Policies

Research: Why Employees Violate Cybersecurity Policies

Curated from: hbr.org

Ideas, facts & insights covering these topics:

6 ideas

·

408 reads

5

Explore the World's Best Ideas

Join today and uncover 100+ curated journeys from 50+ topics. Unlock access to our mobile app with extensive features.

Digital Attacks On Organizations

Digital Attacks On Organizations

In the modern cybersecurity landscape, every employee is a potential threat vector. To keep their organizations safe, technical and business leaders alike must understand the factors that can make anyone susceptible to flouting policy and opening the door to attackers.

While the idea of a resentful employee purposefully trying to harm their company may make for a compelling story, research points to the major role of employee stress in motivating non-malicious (yet potentially catastrophic) security breaches.

11

98 reads

The Startling Findings

A recent study suggests that the vast majority of intentional policy breaches stem not from some malicious desire to cause harm, but rather, from the perception that following the rules would impede employees’ ability to get their work done effectively.

Employees are more likely to violate policy on days when they are more stressed out, suggesting that high-stress levels can reduce people’s tolerance for following rules that seem to get in the way of doing their jobs.

11

96 reads

The Leading Cause: Stress

Common sources of stress include family demands that conflicted with work, job security fears, and ironically, the demands of the cybersecurity policies themselves.

People are more likely to violate procedures when they worry that following them would hinder productivity, require extra time or energy, mean doing their jobs in a different way, or make them feel like they were constantly being monitored.

11

83 reads

Malice And Ignorance Can Mix

There are a lot of well-intentioned reasons that an employee might knowingly fail to fully follow the rules.

Rather than focusing on malicious attacks, security policies should acknowledge the fact that many employee-driven breaches stem from an attempt to balance security and productivity. This means educating employees and managers on the prevalence of non-malicious violations and providing clear guidance on what to do if adherence to security practices seems to conflict with getting work done.

11

38 reads

Job Design and Cybersecurity Are Intertwined

As the myriad stresses of the pandemic make it harder to maintain productivity, that means that security tends to take a backseat to the critical tasks that drive performance reviews, promotions, and bonuses.

To address this, managers must recognize that job design and cybersecurity are fundamentally intertwined. The reality is that compliance with cybersecurity policies can add to employees’ workloads, and so it should be considered and incentivized alongside other performance metrics when workloads are determined.

13

42 reads

Hackers Take Advantage of Altruism (Helping Coworkers)

in a study, around 18% of policy violations were motivated by a desire to help a coworker. The pandemic has only increased the challenges we all face every day, and thus has created even more opportunities for well-meaning employees to “help” their peers in ways that leave their organizations vulnerable.

Hackers know this, and they will often intentionally use social engineering tactics that take advantage of employees’ willingness to bend the rules if they think they’re helping someone out.

11

51 reads

IDEAS CURATED BY

saisha

Sharing is caring

Saisha 's ideas are part of this journey:

Hiring Without an Office

Learn more about mentalhealth with this collection

How to build trust in a virtual environment

How to manage remote teams effectively

How to assess candidates remotely

Related collections

Read & Learn

20x Faster

without
deepstash

with
deepstash

with

deepstash

Personalized microlearning

100+ Learning Journeys

Access to 200,000+ ideas

Access to the mobile app

Unlimited idea saving

Unlimited history

Unlimited listening to ideas

Downloading & offline access

Supercharge your mind with one idea per day

Enter your email and spend 1 minute every day to learn something new.

Email

I agree to receive email updates