Future of Work News Free eNews Subscription

How to Ensure Employees Follow IT Security Rules

By

Few employees are ever happy with new IT security policies, particularly when they are handed down from on high. They feel like an interference with the daily workflow – extra chores for no extra pay. But while these new security procedures are usually critically necessary for the organization, not having rank-and-file employee buy-in can mean that users disregard them, which can be dangerous.

For this reason, it’s important to get buy-in from employees. This may involve including them – at least in some small way – in the investigation and planning processes.

"A policy for policy's sake is useless if it isn't being used to ensure proper processes are followed," said Danny Hammond, security research analyst at Info-Tech Research Group. "A policy should exist for more than just checking a requirement box. Policies need to be quantified, qualified, and enforced for them to be relevant."

Info-Tech Research Group recently published a new industry blueprint to help companies develop and implement effective security policies. One key point is that employees are not paying attention to policies, which could be due to a lack of awareness and understanding of the security policies’ purpose, how they benefit the organization, and the importance of compliance when policies are distributed. Furthermore, informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise and maintain.

To nurture an effective security policy and increase engagement, organizations must make a concerted approach to developing a policy lifecycle that involves stakeholders from development to deployment, review and monitoring, according to Hammond.

"No published framework is going to be a perfect fit for any organization, so take the time to compare business operations and culture with security requirements to determine which ones apply to keep the organization secure," Hammond said.

This process may include defining security policies in a way that employees can understand; ensure that policies are reasonable, enforceable and measurable; and effectively communicating the process to employees at every step along the way.




Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
Author Info
Tracey E. Schelmetic

Future of Work Contributor

Click here to read full bio

SHARE THIS ARTICLE

Related Articles

ICYMI: What's in Store for the Future of Work

By: Greg Tavarez    5/3/2024

Let's get into what the future of work has in store for all - some with AI solutions and some without.

READ MORE

Leostream Integrates with Windows 365 to Simplify Remote Work

By: Greg Tavarez    5/3/2024

Integrating with Microsoft Windows 365, the Leostream Platform looks to allow Windows 365 users to access additional resources with a consistent and u…

READ MORE

No More Ticket Fumbling: Titans Faster Entry with Facial Recognition Deemed a Success

By: Greg Tavarez    5/2/2024

The Tennessee Titans teamed up with Verizon and embraced next-generation biometric solutions powered by Verizon's 5G Edge Accelerated Access.

READ MORE

Yealink Launches MVC S40 for Enhanced Hybrid Collaboration

By: Stefania Viscusi    5/2/2024

Yealink introduced the MVC S40, an AI-powered solution designed to transform hybrid workspaces and enhance collaboration efficiency

READ MORE

AI Can Help Improve "Ambidexterity" in the Contact Center, According to New Study

By: Tracey E. Schelmetic    5/2/2024

New research involving the School of Management at Binghamton University, State University of New York explored AI and the concept and applications of…

READ MORE
VIEW ALL