Report: employees ignore, evade computer security policies

A new study released this week by the Ponemon Institute reveals that there is a general lack of awareness and enforcement of computer security policies at many companies.

According to the study, “Trends in Insider Compliance with Data Security Policies,” which was sponsored by secure flash drive manufacturer IronKey, many employees admitted to behaviors that could put their companies at risk of cyber attacks or theft of proprietary information.

Some of the key findings of the study include:

• A majority of employees admitted to such behaviors as improper use of a USB memory stick, using Web-based email accounts, sharing passwords, and turning off computer security settings
• Nearly 69 percent of those surveyed said they had copied confidential company information onto a USB device. Only 13 percent of respondents said that their companies had a policy that allows for such actions.
• Another 61 percent of respondents admitted to copying information onto a USB stick and then transferring the data onto another computer.
• More than half of the respondents said that their companies provide inadequate training as it relates to computer and network security.
• About half of the employees surveyed said that their companies’ security policies are simply ignored.
• Compared with a similar study conducted two years ago, employee behaviors are getting worse.

To view the entire study, visit IronKey on the Web at