Keep your resourceful employees from going rogue

Your employees are smart — that’s why you hired them. Unfortunately, they sometimes apply those creative problem solving skills in ways that might compromise the security of your company’s data.

We often think of breaches stemming from malicious behavior, but risks can also occur when employees are simply looking for workarounds to address the limitations of the technology at their disposal. Whether it’s creating an Outlook® rule to forward work mail to a personal device or using an unsecured file transfer system because it’s more effective than what the company provides, these employees are adept at getting past restrictions so they can work the way they want to.

Luckily, many of these common threats can be addressed through effective communication and standardization around approved, secure technologies.

Step 2: Work together to find solution

When you have a handle on how things currently work, you can set your sights on how they should work. Understanding the frustrations that employees feel about the technology you provide will help you get at the root of their risky behavior.

Soliciting feedback can go a long way towards identifying common pain points that cause workers to circumvent your security. And if you involve them directly in the selection of technologies that you will use to address those frustrations, you greatly increase the likelihood that they will actually want to use the tools you provide.

One area where your workers are likely to have strong opinions is how they access emails and company files on personal devices. The “bring your own device” (BYOD) trend has become an accepted norm, as evidenced by a 2014 study which found that nearly 60 percent of workers access company networks through personal devices.¹ If employees are doing this surreptitiously, it may be because they are wary of handing over authorization to wipe all of the data on their personal device. Working with your IT team or managed services provider to implement a mobile device management suite that uses app containers to only wipe corporate data in the event of loss or theft is a good example of a solution that strikes a balance between employee concerns and security needs.

Step 3: Educate and maintain an open dialog

You’ve developed an understanding of the risks within your organization, and decided on what technologies and policies to implement in addressing them. Your final step is ensuring that these changes stick and that your employees don’t slip back into bad habits. It’s vital that you train them on any new tools you’re providing to increase the probability that they actually get used.

Many of your employees are likely unaware of the threats their behavior can pose, so educating them on security best practices can also help curb misuse. It’s important to keep in mind that the needs of your employees and your organization are fluid and this is an ongoing process. Ensure that all new hires are trained on security policies and schedule yearly refreshers to keep current employees up to speed and identify any new technology challenges they are facing.

Evaluating and addressing your risks through this worker-centric lens will not only fortify the security of your organization, it will also increase employee satisfaction with the technology you provide and make them more productive. Ultimately, remember that the best way to keep your employees from going around your security is by providing them with solutions that make it unnecessary.