Why are certain employees more likely to comply with information security policies than others?

2020-10-09 03:30

Information security policies that are not grounded in the realities of an employee's work responsibilities and priorities expose organizations to higher risk for data breaches, according to a research from Binghamton University, State University of New York.

The study's findings, that subcultures within an organization influence whether employees violate ISP or not, have led researchers to recommend an overhaul of the design and implementation of ISP, and to work with employees to find ways to seamlessly fit ISP compliance into their day-to-day tasks.

"The frequency, scope and cost of data breaches have been increasing dramatically in recent years, and the majority of these cases happen because humans are the weakest link in the security chain. Non-compliance to ISP by employees is one of the important factors," said Sumantra Sarkar, associate professor of management information systems in Binghamton University's School of Management.

"We wanted to understand why certain employees were more likely to comply with information security policies than others in an organization."

"Physicians, who are dealing with emergency situations constantly were more likely to leave a workstation unlocked. They were more worried about the immediate care of a patient than the possible risk of a data breach," said Sarkar.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/pZzlAFHwMuw/

#security