Why staff break security rules

I’ve just got back from speaking in Athens at HAISA 2009, the leading international symposium on the human aspects of information security. Picking up today’s Computer Weekly, my eye was naturally drawn to an interesting article on why staff break security rules.

CW reports that researchers at Nottingham Trent University have actually discovered that many staff will knowingly break or bend security rules in order to perform a job more efficiently, to help a colleague, or to provide good customer service. They also noted that complacency can set in when staff have been working in the same area for a long time and they know they will “get away with it”.

Of course they could have saved a lot of time by simply asking me or any experienced security or safety manager. We’ve known all this for decades. Perhaps, as Basil Fawlty might put it, the researchers might be qualified to set up a course in the not-too-subtle art of stating the bleeding obvious.