IT Governance Blog: the psychology of information security
Your employees encounter potential cyber security threats on a daily basis. Perhaps there’s a new face in the office that they don’t recognise, or a new password they need to remember, or a database of sensitive information that they need to upload onto the Cloud.
In The Psychology of Information Security, Leron Zinatullin explains how employees respond to those challenges and why they make the decisions they do.
For example, he found that employees usually don’t have a solid understanding of information security or their obligations to protect information.
In the rare cases where employees are aware of and follow a security policy, they don’t appreciate why those rules are in place.
The cost of compliance is too high
The majority of employees within an organisation are hired to execute specific jobs, such as marketing, managing projects, and manufacturing goods.
Therefore, an employee’s main priority is often to ensure efficient completion of their core business activity, and information security will usually only be a secondary activity.
Zinatullin found that, when security mechanisms cause additional workload, employees will favour non-compliant behaviour in order to complete their primary tasks quickly.
The means of compliance are obstructive
Sometimes, employees are unable to comply even if they are willing because the security mechanisms of the organisation do not match their basic requirements.
Examples include an organisation giving employees encrypted USB drives with too little storage space, forcing them to share files via email or non-encrypted drives.
Another problem is having to use multiple passwords to access multiple systems. Users normally resolve this problem by writing down their passwords.
Want to know more?
The information in this blog was taken from Leron Zinatullin’s The Psychology of Information Security.
Use this book to understand your employees’ behaviour and resolve security-related conflicts.
It contains insights gained from academic research, as well as interviews with UK-based security professionals from various sectors, and will help you develop a security programme that accounts for human weaknesses and your wider business objectives.
A version of this blog was originally published on 6 February 2017.