Cybersecurity is a constant balancing act between convenience and data protection. The former always wins, no matter how much IT professionals might wish otherwise. The consumerization of IT is at the heart of this issue.
Modern workers demand that the tools and applications they are provided in the workplace offer a user experience in-line with what they use in their personal life. When that demand is ignored, they are remarkably skilled at circumventing security protocols. They are interested in doing their jobs – not in adhering to IT’s expectations on how to protect their data.
Worse, even if you do manage to somehow strike a balance, security is not certain. Workers may still have a lax attitude towards protecting corporate data. Learning to recognize such an attitude is essential.
They Dislike Your IT Department
Your IT department should be seen by others within the organization as valuable members of the team. If workers consider them an impediment or roadblock to doing their jobs, that’s a sure sign something needs to change – both culturally and with your security processes. The divide between IT professionals and regular workers is a relic of the past.
Let’s leave it there.
They Overuse Consumer Apps And Devices
There is nothing wrong with the regulated use of consumer tools in the workplace. Some of them can actually be secure under the right conditions. But if every single worker in your business uses consumer apps instead of corporate ones, this signifies two things.
First, your corporate tools are inadequate. Second, your workers don’t understand the reason you mandate their usage. The first can only be solved by revisiting the toolkit you provide your employees – the second will require security awareness training.
Do your workers still use old, insecure passwords? Do they even bother changing their default login information when given a new account? Do they use consumer file-sharing services and thumb drives for sharing sensitive data?
Most employees are well-intentioned, but ignorant. They might accidentally forward a document to the wrong recipient, or open a phishing email without realizing it’s not actually from their boss. Security awareness training is necessary to mitigate this carelessness.
Cybersecurity Is Serious Business
Your employees are your most valuable resource – but they are also your biggest cybersecurity headache. It is your job to teach them about the importance of good security practices. Show them how to properly use software, talk to them about the importance of a password manager, and inform them of how to recognize phishing scams and malicious emails (to name a few examples).
Because while many of them may be ignorant now, that doesn’t mean they should remain so. Do your part to help them take cybersecurity more seriously. Your customers and stakeholders will thank you for it – and you’ll be glad you made the effort.