Today’s blog post will focus studies compiled from Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) when it comes to their practices to keep their company’s files protected and the impact this has on their end user relationships.
Research Shows the Relationship Between IT and Users is Broken
According to recent surveys from VansonBourne,, Juniper Research and IDC of IT staff:
- 94%invest in proxy servers. This dedicated computer or software system acts as an intermediary between endpoint devices. It is meant to filter traffic coming into the company from the web, outside emails and attachments.
- 88%use a prohibition approach to cybersecurity. This means that users are trained on cyber threats, and to enforce better behavior, they are punished if they bypass security. If caught, this user is not allowed access to certain websites and applications. However, if the user can gain a short-term productivity benefits by bypassing cybersecurity measures, they will do so, even if it means probation if found out.
- 85%said employees are the weakest link in security, often ignoring or forgetting the education, policies and procedures enterprises have put in place to prevent risky behavior.
- 81%of employees view security as a hurdle to innovation.
- 77%CIOs feel they are in a Catch-22between letting employees access the data they need to do their job and keeping that very data safe from cybercriminals.
- 74%said end users were frustrated by how cybersecurity disrupts operations. As a result, many users file help desk requests to access the data they require. On average, 570 hours per year are spent addressing these complaints.
- 71%of CISOs feel they are perceived as the “bad guys”, consistently saying no to restricted content access.
- 70% of security threats originate from the end user.
Four Fantastic Solutions
First and foremost, the general trend in the industry is shifting away from a prohibition approach to a virtualized application isolation environment. This is similar to a developmental sandbox environment where users can download documents, open emails and access apps without impacting the day-to-day operations of the company. Once the data is scrubbed from the virtualized system, it can be transferred to the production environment, usually without the end user knowing the difference between them.
Second, CIOs and their staff need to be aware of the productivity hits within the organization and find a way to meet in the middle. If productivity is consistently hampered, employees will leave, market positions will fall, and profitability will suffer. The solutions implemented need to be bought in company-wide.
Third, the CISO position should be an enterprise position reporting to the President or COO of the organization. The cybersecurity team must work with every department or division of an organization to integrate the right solution to minimally impact productivity. If they are on the same level, the CISO can educate his or her peers about the dangers of malware, ransomware and phishing in a much more proactive approach.
Fourth, hire a cybersecurity firm. If your company experiences one or more data breaches, many negative things can unfold including: public backlash, lost sales, tarnished brand, lawsuits and the one thing this article is focused on…low or no productivity. If your data is encrypted by a cybercriminal, your employees can be sent home until the ransomware is paid and the data back in house, which may entail weeks, if not, months. A cybersecurity firm can help with application isolation, monitoring your system and preventing attacks in the first place.
Proactive Technology Group is Here to Help
We are innovators in IT consulting. By focusing on our clients’ business, we find the most effective solutions to improve security, reduce risk and maximize productivity.
We know every client is unique and there is no “one size fits all” solution. Give us a call at 516.876.8200 or send an email to email@example.com and we’ll get right back to you!