Keep your resourceful
employees from going rogue

Your first move should be to take stock of how your employees are currently using technology in order to identify behaviors that may pose a security threat. Many of these risks are tied to the way files and information are transferred, stored and shared, so it is especially important to evaluate how information moves through — and out of — your organization.

For instance, how do your employees currently send files that exceed the file size limits of your corporate email system? Are they using a personal cloud-storage service such as Dropbox, Google Drive or OneDrive? Are they physically transferring files via unsecured USB drives? Employees may feel that these processes are a necessary part of getting their jobs done, but it also puts company information outside of any security systems you have in place.

The best way to learn how your employees work with technology is straight from the horse’s mouth. Ask them about the processes they are currently using and make it abundantly clear that they will not be in trouble if everything they’re doing hasn’t received the company stamp of approval. It’s crucial that you’re able to get an honest assessment of the situation, so your workers must feel free to share without fear of reprisal.

When you have a handle on how things currently work, you can set your sights on how they should work. Understanding the frustrations that employees feel about the technology you provide will help you get at the root of their risky behavior.

Soliciting feedback can go a long way towards identifying common pain points that cause workers to circumvent your security. And if you involve them directly in the selection of technologies that you will use to address those frustrations, you greatly increase the likelihood that they will actually want to use the tools you provide.

One area where your workers are likely to have strong opinions is how they access emails and company files on personal devices. The “bring your own device” (BYOD) trend has become an accepted norm, as evidenced by a 2014 study which found that nearly 60 percent of workers access company networks through personal devices.¹ If employees are doing this surreptitiously, it may be because they are wary of handing over authorization to wipe all of the data on their personal device. Working with your IT team or managed services provider to implement a mobile device management suite that uses app containers to only wipe corporate data in the event of loss or theft is a good example of a solution that strikes a balance between employee concerns and security needs.

You’ve developed an understanding of the risks within your organization, and decided on what technologies and policies to implement in addressing them. Your final step is ensuring that these changes stick and that your employees don’t slip back into bad habits. It’s vital that you train them on any new tools you’re providing to increase the probability that they actually get used.

Many of your employees are likely unaware of the threats their behavior can pose, so educating them on security best practices can also help curb misuse. It’s important to keep in mind that the needs of your employees and your organization are fluid and this is an ongoing process. Ensure that all new hires are trained on security policies and schedule yearly refreshers to keep current employees up to speed and identify any new technology challenges they are facing.

Evaluating and addressing your risks through this worker-centric lens will not only fortify the security of your organization, it will also increase employee satisfaction with the technology you provide and make them more productive. Ultimately, remember that the best way to keep your employees from going around your security is by providing them with solutions that make it unnecessary.