82 per cent agree that getting users to sign AUPs would increase policy effectiveness and reduce computer misuse
09/01/04, UK: Research announced today by compliance and security software company, PolicyMatter, shows that the majority of IT managers have a dim view of computer users when it comes to information management. According to the findings, user ignorance and a willingness to take matters into their own hands are the key causes of computer misuse in the workplace.
In a survey of over 200 UK IT managers, 40 per cent said users in their organisation were best described as ‘IT security incidents waiting to happen’; with a further 21 per cent of respondents viewing users as a ‘necessary evil’. A more positive tone was taken by 32 per cent of managers, who regarded their users as ‘valuable assets’, while only seven per cent felt that users were the ‘guardians of the organisation’s data’.
On the issue of computer misuse, an overwhelming 64 per cent of IT managers said that there users were prone to ‘sometimes misusing’ the organisation’s systems. More seriously, 18 percent reported that computer systems were ‘often misused’ by staff and two percent suffered ‘constant’ computer misuse. For a luckier 16 per cent, computer misuse was described as ‘rare’.
The research shows that the primary cause of computer misuse (with 47 per cent) is that users ‘don’t understand what they are doing wrong’. More worryingly, 43 per cent of IT managers reported that misuse is down to ‘users believing their actions, while not in line with company policy, will not have any negative effects on the company’. Nine per cent of respondents suggested that users simply thought they could ‘get away with it’, while just one percent said users ‘deliberately flout company policy, regardless of risk’.
Nathan Millard, a lawyer with legal firm Morgan Cole, isn’t surprised at the top two causes of computer misuse: “Many organisations go to great lengths to write acceptable use policies (AUPs), but then undermine their effectiveness by making little or no effort to actually communicate these requirements to employees.
“Organisations need to combat any lack of understanding or complacency to IT security risks by ensuring that computer users have read, understood and signed up to policies.”
Millard’s views are supported by the PolicyMatter research results: 82 per cent of respondents believed that getting users to sign up to AUPs would increase the effectiveness of the policy.
While the majority of respondents (62 per cent) said that AUP management should be a joint effort between the IT, HR and Legal departments, Millard suggests that the reality is somewhat different. “Often, the creation of an AUP is a knee-jerk reaction to a recent incident or ‘near miss’ where the organisation is rudely awakened to the threats of employee computer misuse. However, once written it is very easy to forget the policy and allow it to gather dust,” said Millard. “To provide true protection to the organisation, the AUP needs to be updated regularly to cover new legislation, technologies and user habits, and re-presented to employees so that it is always fresh in their minds. Using a policy management solution like PolicyMatter can dramatically improve the understanding of policy and behaviour of computer users.”
PolicyMatter is a software-based solution for the management of mission-critical company policies. The solution lets managers create, deploy, affirm and audit policy electronically – presenting information direct to users’ PCs, automatically testing understanding and recording acceptance of policy.
~ Ends ~
PolicyMatter addresses several of the key challenges facing organisations (such as, information security, regulatory and legislative compliance, and corporate governance) by ensuring that mission-critical policies are effectively communicated to employees. PolicyMatter policies cannot be deleted or ignored by employees, who must also demonstrate an understanding of the information before making a legally-binding agreement to accept it. A joint venture between software vendor, Extend Technologies, and law firm Morgan Cole, PolicyMatter is already in use with private and public sector organisations in the UK.
For more information, contact Matt Fisher at PolicyMatter, 08702 403620
This press release was distributed by ResponseSource Press Release Wire on behalf of Extend Technologies in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.