According to a survey done by Forrester, most data breaches at companies are caused by employees, and not even maliciously. They just don’t know the security policies. They lose their mobile devices, or the devices are stolen, or they let other data-bearing devices be compromised, or they just plain misuse corporate data assets.

The afore mentioned survey stated: 31% of executives “cited stolen or lost devices as causing the most data loss,” and 27% cited “inadvertent misuse of corporate assets by employees as responsible for breaches.” Only 25% said that data breaches “resulted from attacks initiated from outside their organizations.” Even better, 46% of employees said that they were not aware of all their organization’s IT security policies. If these employees were better informed, then they would avoid these mistakes, and the company’s data wouldn’t be breached.

But the entirety of the blame is not on the employees. Employers are just as bad. There is a “lack of policy implementation, inadequate security policies, and a faulty IT security system” that contribute just as much to security breaches.

There needs to be a dialogue between employers and employees regarding security policies. Employers need to firmly establish policies that work, and employees need to learn and implement these policies.

  I work for Net Nanny. The opinions expressed here are my own.