How Staff make Security Decisions

PCI DSS

Each day employees meet new people in the office, have multiple passwords and account details to remember, and need to provide and send sensitive data. Your business's information security relies on how your employees decide to deal with these situations. Some of the reasons why employees make the decisions that leave you non-compliant are listed below:

1) There is no clear reason to comply – Employees usually don't fully understand the concept of information security and what it is there to protect, and even when staff are aware, there is a lack of motivation to comply. Using personal USB drives on business systems (an easy route in for malware) and deleting data after transferring it unencrypted are examples of non-compliant actions.
2) The cost of compliance is too high – Most employees are hired to perform specific jobs, so their priority is to complete that job efficiently, and information security comes second. When security causes extra work for employees, completing tasks non-compliantly means they can finish their main tasks quicker.
3) The means of compliance are obstructive – Employees are unable to comply because the organisation's security rules don't match their basic requirements. For example, a business gives employees encrypted USB drives with little storage space, so they share files over email or use unencrypted devices instead.