C-Suite + Managers Pose Higher Security Risk to Organizations

Robinson+Cole Data Privacy + Security Insider
Contact

You executives and managers who are in my age group (that is, you didn’t grow up with mobile devices and computers) listen up. According to several studies, you pose a higher security risk to your organization than the up-and-comers you manage.

According to a new survey of 2,000 workers aged 16 to 55+ in the U.S. and U.K., OneLogin found that senior managers (42 percent) were twice as likely to share a work device with someone outside the organization than their junior counterparts (20 percent), 19 percent of senior managers said they share confidential passwords with a family member compared to 7 percent of junior employees, and senior management reported working from public Wi-Fi networks at double the rate of their junior counterparts (30 percent vs. 15 percent).

There are some logical explanations for this, none of which are comforting or justified. According to OneLogin, some of the explanation is that those of us who did not grow up with technology find it difficult to learn how to use and we are intimidated by it. I have no sympathy for those who refuse to try to learn or try to get around security measures because they are intimidated. It’s not that hard and is vital to the security of your organization.

The second reason is that executives are trying to perform at a high level, and think security measures, like multi-factor authentication or logging into a VPN take too much time. That reason is also rubbish. The entire purpose of implementing security measures is to protect the user and the organization. Trying to figure out a work-around takes more time and resources than just implementing sound security practices. Executives and managers should be thinking about the consequences of a security incident caused by them first and foremost.

Here are some tips for organizations to address this issue:

  • Don’t wait for executives and managers to admit they don’t understand how to implement or use technology. Give them one-on-one training/education so you are sure they are using the security measures and are comfortable with them
  • Provide executives and managers with pointed educational sessions on data security so they are aware of the risks they pose to the organization if they do not adhere to data security practices
  • Be strong when executives and managers ask for work arounds. Instead of allowing the work around, take the time to show them how to use the security measures one-on-one and counsel them on why the measures are so important in layman’s terms
  • Make adherence to security measures part of executives’ and managers’ (for that matter, ALL employees’) performance evaluation. If they don’t follow security measures, that should be documented and considered in compensation and bonus decisions. This will certainly get their attention.
  • Don’t let them get away with it. If they cause an incident, there should be consequences.

As I always say, data security is a team sport. If the captains of our teams aren’t engaged, the plays won’t work and organizations will lose the game.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.