Communicating policies to users isn’t easy. Some don’t understand them. Some willfully ignore them. And a new study shows that in at least one area, that gap is putting companies at risk.
A recent study by Data Motion asked participants a simple question: “Do employees fully understand security policies?”
Depending on who was asked, there were two very different takes:
- 76% of non-IT personnel said that they did, but
- only 62% of IT pros surveyed agreed.
Clearly, one of these groups is in a much better position to determine that.
Data transfer also misunderstood
While the understanding gap isn’t huge, the survey’s comparison of non-IT staff and IT pros produced some other alarming findings. When it comes to data transfer policies:
- 51.6% of IT pros said that free consumer-type transfer sites are forbidden, but
- 27.3% of non-IT respondents agreed.
These often unsecured sites can carry huge security risks. If IT bans their use (and there’s a very solid case for saying that it should), users need to know about that.
Stress data transfer rules
It’s easier than ever to transfer data online, so much so that some are predicting the death of email entirely. File-sharing sites like Dropbox abound. Workers are mobile and want access to their info on the go, so they see no problem with storing it on the public cloud until they can get back to it.
But IT knows: Securely transferring data is the hard part, and getting users to understand your rules and building in protections to help them is crucial.
Here are some ideas to encourage good file-sharing practices.
- Give multiple choices. If you only have one file-transfer service and users hate it, they’re going to work around it. Try supporting two or three different options and letting users choose between them. As long as they feel they have a choice, users will be less likely to stray.
- Encrypt mobile, too. Many users today work from smartphones and tablets more than from their PCs. Make sure you have mobile encryption for email and file transfers.
- Update your policies. A good data transfer policy will cover which applications and services are acceptable for transferring data along with which are forbidden. If you ban Dropbox or another file-sharing app, make that clear. Otherwise, users might not even realize they’re violating policies.
- Re-state your policies. Even if your policies are up to date, it can’t hurt to send them along to users again, ask them to read over them and come to you with any questions. Keeping the information in front of them is key – there’s no telling when they might decide to look at it and ask if they’ve been doing something they weren’t supposed to.