Many employees practice poor security habits in order to be more productive, or because they do not understand why security policies are put in place.
For example, employees who do not have laptops will send work e-mails to their private e-mail addresses and save confidential documents on their mobile devices in order to access these out of the office.
Security cannot only be addressed on a technical level because employees are creative and will figure out ways around security barriers.
Robb Anderson, risk officer at Old Mutual
This is according to Robb Anderson, a risk officer at Old Mutual, who spoke at the ITWeb Security Summit yesterday about his company's campaign to instil good security practices among its employees.
Anderson pointed out that employees can also unwittingly make themselves targets for cyber criminals. He used the new generation entering the workforce as an example of this, referring to them as a social generation that shares everything online.
According to Anderson, this generation will put detailed biographies on their social media accounts, including where they work. Some employees even sign up for online accounts using their corporate e-mail addresses.
All of these practices present security risks for businesses, said Anderson.
He stressed that security cannot only be addressed on a technical level because employees are creative and will figure out ways around security barriers. He noted that even developers, who understand security implications, often feel that security takes time and therefore overlook it in order to be more productive.
For this reason, Old Mutual runs a campaign to educate its employees about security. Anderson said the campaign is engaging in order to bridge the gap between people and technology. It comprises puzzles, posters and animated educational videos. Employees are also tested, and if they get full marks, their names are entered into a raffle, where they stand to win a prize.
The campaign has been successful, says Anderson. For example, before the campaign, 25% of Old Mutual employees said they used the same password for all their accounts, including social media accounts and online banking accounts. After the campaign was initiated, however, none of the employees said they used the same password.
Share