A recent survey by Stroz Friedberg, a firm specializing in investigation and risk management, revealed that senior managers are contravening their organizations’ security protocols, putting the protection of sensitive and confidential information at risk.
In fact, according to the survey:
- almost 90% of senior managers upload work files to their personal email or cloud accounts;
- over 50% have sent sensitive information to the wrong people;
- approximately 50% take work-related files with them after leaving their job.
The main reasons given by senior managers for this behaviour are the high pressure of their jobs, their busy schedules and an attitude that they are above the rules and don’t have to follow them. They also say that they don’t have the time to use security measures, or that the measures are inconvenient or complex (e.g., ensuring that remote connections are secure by using a virtual private network). Some of them also prefer to use their own personal devices.
The problem is that not all senior managers are conscious of the risks of leaking sensitive information and the potential consequences (e.g., legal).
It is important to keep in mind that awareness-raising and training programs in information security must be ongoing within enterprises. These programs should be adapted to a variety of groups (such as employees, managers and senior managers). They must explain and justify the security practices to be followed to protect the organization’s information. In order to instil a culture of security in business, efforts must be directed specifically toward raising the awareness of top management, who have a duty to promote security within their organizations. Senior executives and managers should lead the way in using secure practices, to show how important information security is to them.
For more information on the subject, consult the following article and the Stroz Friedberg report: