One day people will realise that telling employees to take the security of their company's network seriously is an exercise in futility. It's like asking motorists not to speed in their cars. If cars weren't intended to cruise at 120mph, why did manufacturers bother to invent exhaust turbochargers?
In its latest survey of employee behaviour, Sophos notes that 79% of IT professionals believe that employees are putting their companies at risk by failing to act safely online.
It lists the seven deadly sins (only seven?) employees are guilty of, including the usual gamut of porn surfing, music downloading, email forwarding, and password naivety. IT departments have a lot on their plate, it seems, and it's almost all the Internet's fault.
In a perfect world, IT departments wouldn't be stuck in the middle in all this. They would wave a magic wand and be able to enforce policies on everything. Even better, IT would have developed along mainframe lines using proprietary communications protocols and none of this would have come to pass at all.
The survey lists good practice, and there is certainly plenty that can be done to stop things getting out of hand. But the bigger question is why don't IT departments follow these procedures anyway?
If they don't, then perhaps the problem is not the idle folly of the users.