One of the biggest challenges of keeping data secure is convincing everyone in an organization that they must follow IT security policies – including executives and managers who may believe they’re above the law.
The majority (56%) of IT professionals say their organization’s directors believes that IT’s security rules don’t apply to them, according to a recent survey from security vendor Cryptzone.
In addition, 42% said directors and senior managers in their companies flat out ignore security policies. What may be even worse, 52% of respondents said they agreed with the statement, “The board of directors have access to the most sensitive information but have the least understanding of security.”
One possible solution to that problem: Offer the right amount of training to the right people.
The majority (65%) of IT pros said everyone in their organization gets the same amount of training, regardless of their jobs. But the higher up in the company you go, the greater the potential for exposing sensitive information, so IT must make sure those people get enough information to minimize security risks.
It’s also important to design training and other educational initiatives so that people only receive information that applies to them.
For more help getting everyone in the organization on board with IT security, read our earlier post on three pitfalls to avoid when promoting a security-conscious culture.