Future of Work News

How to Ensure Employees Follow IT Security Rules


Few employees are ever happy with new IT security policies, particularly when they are handed down from on high. They feel like an interference with the daily workflow – extra chores for no extra pay. But while these new security procedures are usually critically necessary for the organization, not having rank-and-file employee buy-in can mean that users disregard them, which can be dangerous.

For this reason, it’s important to get buy-in from employees. This may involve including them – at least in some small way – in the investigation and planning processes.

"A policy for policy's sake is useless if it isn't being used to ensure proper processes are followed," said Danny Hammond, security research analyst at Info-Tech Research Group. "A policy should exist for more than just checking a requirement box. Policies need to be quantified, qualified, and enforced for them to be relevant."

Info-Tech Research Group recently published a new industry blueprint to help companies develop and implement effective security policies. One key point is that employees are not paying attention to policies, which could be due to a lack of awareness and understanding of the security policies’ purpose, how they benefit the organization, and the importance of compliance when policies are distributed. Furthermore, informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise and maintain.

To nurture an effective security policy and increase engagement, organizations must make a concerted approach to developing a policy lifecycle that involves stakeholders from development to deployment, review and monitoring, according to Hammond.

"No published framework is going to be a perfect fit for any organization, so take the time to compare business operations and culture with security requirements to determine which ones apply to keep the organization secure," Hammond said.

This process may include defining security policies in a way that employees can understand; ensure that policies are reasonable, enforceable and measurable; and effectively communicating the process to employees at every step along the way.

Edited by Erik Linask

Future of Work Contributor

Related Articles

RingCentral DaaS: Hardware Management via Single-Vendor Procurement

By: Alex Passett    1/25/2023

The new Device-as-a-Service (DaaS) offering from RingCentral provides a plethora of benefits to customers, including lower upfront hardware costs from…


Kroger Better Utilizes Associates' Talents with Google Cloud and Deloitte Assistance

By: Greg Tavarez    1/25/2023

Kroger is working with Google Cloud and Deloitte to create two purpose-built applications to enhance associate productivity.


Responsible Technology Becomes Pressing Need

By: Greg Tavarez    1/23/2023

Almost three-fourths of business leaders believe that "responsible technology considerations will eventually come to equal business or financial consi…


Unified Office to Exhibit at Future of Work Expo Florida 2023

By: TMCnet News    1/23/2023

Future of Work Expo explores how artificial intelligence and machine learning can improve business applications, communications, collaboration, contac…


Windstream Partners with AWS for Better Virtual Meeting Experiences

By: Stefania Viscusi    1/20/2023

Windstream Communications, has partnered with Amazon Web Services, Inc. (AWS) to provide users of its Enterprise OfficeSuite Live with a way to meet s…