This is not good. How many IT folks even have the ability to say no?
“The issue of C-Suite executives (i.e. the top level executive managers of the company) requesting security exemptions from their IT teams has been highlighted by a MobileIron survey, reported on by Help Net Security here.
The survey showed that just under 80% of C-Suite executives had requested to bypass security protocols in the last year, with 30% having requested such exemptions four times or more.”
The risks are laid out pretty well in the article below, but as I said earlier, the real issue is that in many organizational cultures, saying no to the C-Level, or the partners in a firm, or founders of a startup, is simply not accepted.
Even if they are creating a huge security risk.
That has to change if you expect your employees to take security seriously. Why should they if you are willing to take shortcuts with it yourself?