Employees see IT as an “inconvenience” and look for ways to get around security measures, putting the organization at risk, according to SailPoint’s 2018 Market Pulse Survey.
IT can’t make the organization secure if the user is working in the exact opposite direction. IT puts security controls on file sharing, and users open a personal cloud storage account they control. IT locks down the ways employees can use collaboration software, and employees in a department find one of their own, bypassing IT entirely.
With such an abundance of great solutions in the cloud and on-prem today, you’d think users would be praising IT. But, as SailPoint’s report points out, users are anything but satisfied:
All of these stats add up to one very frightening conclusion: user’s attitudes towards IT are putting the organization at risk of cyberattack.
Organizations need to educate users on why security is so critical to operational success – and why security established controls need to be respected. This can only be truly accomplished by establishing a security culture within the organization. The most effective way to accomplish both goals is by using Security Awareness Training to elevate the user’s understanding of the need for security, their role in it, and tactically how to engage properly with email and the web in a way that protects the user and the organization.
You can’t necessarily stop a user from using a cloud-based solution of their choosing, but you can improve their understanding of how doing so impacts the security of the organization.