Skip to main content

Employees are deliberately circumventing security policies

(Image credit:

Most IT decision-makers believe their employees are deliberately circumventing internal security policies thus putting the entire organisation at risk of cyberattacks.

This is according to a new report by Databarracks, which claims that employee training is still the best and most important way to protect a company against potential attack. 

“People are often the weakest link in the information security chain and to prevent your organisation being caught, it’s important you make employees aware of the risks,” commented Peter Groucutt, managing director of Databarracks.

“Our research has revealed two-thirds (67 per cent) of IT decision-makers believe their employees regularly circumvent company security policies.”

Groucutt believes employees are mostly oblivious to the dangers. He thinks they’re not deliberately trying to put their business in harm’s way – they either don’t know the possible consequences, or feel too restricted to begin with.

Organisations should develop a culture of shared responsibility, Groucutt continues, saying the communication between the IT department and the rest of the business also needs improvements.

“Finally, regular training and education is vital,” he concludes.

“Awareness training is typically only carried out annually or as part of an initial induction, but this should be increased. Employees need ongoing security refreshers throughout the year, at least twice annually, to address any new threats, and ensure security remains front of mind.”

Phishing is considered one of the most popular ways of compromising a computer network and it all starts with a gullible employee, clicking a link in an email, or downloading a malicious attachment without consideration.

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.