I think the headline is a bit sensationalist, given that the results come from a survey where the context is all of the things you are worried about right now, so the respondents are considering things much more immediate to them than their workplace data:
“The Unisys Security Index, released on Tuesday, calculates a score out of 300 that measures consumer attitudes over eight areas of security in four categories. The eight areas include national security, disaster/epidemic, bankcard fraud, financial obligations, virus/hacking, online transactions, identity theft, and personal safety. “
But even with that caveat, if you think all of your employees are highly trained, highly motivated, and on the lookout for data security at all times, you should probably think again. And, you should probably think about why that is.
I can think of two reasons.
- The company’s data security is the company’s problem, not the employee’s.
That’s not to say that employees don’t care, engaged employees do care if there’s a data breach at their company, and want the company to do well and stay safe overall. But, they haven’t really been given an incentive to care that much. One because many of your employees probably aren’t very engaged at all, and also because:
- There are no consequences for getting it wrong.
How many times has a senior exec willfully routed around security protocols and faced zero consequences? How many times has someone you worked with fallen for a simple phishing email and had no real consequences? If I know that nothing is really going to happen to me if I am the security weak spot, or that the company isn’t really following it’s own guidelines, why should I spend a lot of time worrying about it? There’s plenty of other things to worry about and focus on. Which is exactly what I take away from this survey.
So, what are you doing to make security your employees concern?