Employees don't care if the business fails

0 Votes

Employees don't care if the business fails

TechRepublic own blogger extraordinaire HutchTech fired off this missive recently, which got me wondering whether everyone agrees that employees willfully ignore security precautions at work because they don't fear consequences.

"I recently came across this Trend Micro report in a SANS newsletter which claims that employees take more risk on the net at work because they believe their IT department will protect them. While this might be what they said in the survey, the real answer is far more sinister: employees don't care if the business fails.

"Let's face it, if you knew you wouldn't have been caught pulling the fire alarm at school so that you could postpone that math test would you have done it? The same moral dilemma faces those who use their PCs at work. Employees (particularly in larger corporations) don't see the real harm of network downtime--it's just a paid break. And if they don't see people getting fired for abuse (I'm not talking about porn here, but shopping, blogging, gambling, etc., etc.) what risk do they really take in abusing their Internet access? Besides, if you do happen to infect the network with the latest worm you're just a poor, little end-user and you're really, really sorry. And how many IT departments are actually going to track the thing down once the fire's been put out? Not many--the standard e-mail reminder to be more careful will have to suffice (oh, and remember to attach a copy of the corporate e-mail/Internet policy).

"While I am not excited about Apple, Microsoft, et al taking a stronger oversight role when it comes to workstation and network security, businesses (particularly smaller ones) really do need help against their own worst enemy--themselves. Remember: Ignorance, my friends, is not innocence."

- Hutch

I'm curious as to who agrees with the esteemed Hutch, and if anyone has ever handed out (or received) serious punishment for security violations at work.