While enterprise companies try to keep up with outside security threats, a larger one is lurking within. According to a recent study from Clearswift that polled 300 IT decision makers in the UK, 58% of security threats are coming from within enterprise organizations – not outside of them.
The US isn’t far behind, with an estimated 43% of security threats coming from within, according to a 2015 study by Intel.
These kinds of IT compliance-related security issues range from simple phishing schemes that target employees through email to more sophisticated and intentional data leaks.
The problem, though, is that IT experts attribute half of these insider threats to non-malicious accidental incidents. Let’s restate that: more than 20% of IT attacks and data leaks are caused by employees simply making mistakes that are easily preventable.
Even with more than half of enterprise attacks coming from outside the organization, internal threats due to negligence still make up a disproportionate amount of security threats. IT compliance can mitigate that risk.
How to Improve IT Compliance in the Workplace
Improving IT compliance is easier said than done, because at the end of the day, no amount of employee training and education can remove 100% of the risk of employee negligence.
It can, however, significantly decrease that 20% by further educating employees on what is and what isn’t appropriate online behavior.
In fact, the enterprise companies that are succeeding at increasing IT compliance within their organizations are the ones making it a joint effort by including employees and department heads in the process.
This helps the IT department understand how each department interacts with and uses the network and IT infrastructure, and where leaks could potentially occur.
At the end of the day, the CIO and the IT department need to employ multiple tactics to combat IT non-compliance, whether that’s one-on-one departmental education sessions on appropriate IT usage or preventative technology solutions to help keep internal threats to a minimum.
Companies that take this approach will be able to focus more time and attention on threats that they can’t control.
This article was first published by Virtual Forge.