70% of young workers ignore IT security rules: how to tame them?

According to a report recently issued by Cisco Systems, 7 out of 10 young employees frequently ignore IT policies and two-thirds said they believe their company's policies need to be modified. About 61 percent said corporate IT security isn't their responsibility, believing it is that of their employer or the maker of their devices.

Of those who were aware of IT security policies, 70% of employees worldwide admitted to breaking policy with varying regularity. Among the different reasons, the most common was the belief that employees were not doing anything wrong (33%). One in five (22%) cited the need to access unauthorized programs and applications to get their job done, while 19% admitted the policies are not enforced. Some (18%) said they do not have time to think about policies when they are working, and others either said adhering to the policies is not convenient (16%), they forget to do so (15%), or their bosses aren't watching them (14%). The attitude of younger workers to technology clearly represents a new and growing threat to corporate IT security.

Beyond IT security awareness and training programs, organizations must find ways to efficiently enforce their computer security policies.

UserLock has a role to play here, as this software solution gives CSOs and Network Administrators the means to secure access to their Windows network and to quickly react in case of inappropriate behavior.

Using UserLock makes it possible to:

Automatically notify all users prior to gaining access to a system with a tailor-made disclaimer

Users can for example be advised that system usage is monitored, recorded, subject to audit, and that unauthorized use is prohibited and subject to criminal and civil penalties. This is an efficient reminder for thoughtless employees, young or not.

Restrict user access to the network with multiple criteria: workstations, time, business hours, quotas and connection type

UserLock allows setting and enforcing access restrictions in a granular way. An example of multi-criteria restriction could be: prevent a given user (or group, or Organizational Unit) from logging to the network:

  • from a computer outside of a given department
  • outside of business hours
  • via a VPN connection.

The login system is the first line of defense of a Windows network. Restricting user access reduces the attack surface of the network and keeps rogue or careless users at bay.

Follow the session activity on the network in real-time, be alerted and remotely lock, logoff and reset all sessions immediately

UserLock allows real time session surveillance and monitoring; at all times a System Administrator knows who is connected, from what workstation(s), since when, etc. Popup or email alerts can also be sent to the network administrators for specific events such as denied logins, successful logins and logoffs.

In case of suspicious behavior, System Administrators can instantly take action to tackle insider threats.

Limit or prevent concurrent logins to a Windows network, based on user, user groups, Organizational Units and session types,

Limiting or preventing concurrent logins decreases the ability of users to share their credentials, as it would impact their own ability to access to the network.

It also makes it impossible for a rogue user to seamlessly use valid credentials at the same time as their legitimate owner, access that user’s data and applications, send Emails in his name, etc.

Simultaneous logins limitation or prevention avoids serious accountability and non-repudiation issues.

Check UserLock detailed features

Download a free trial

Share this page: