Slashdot Mirror

← Back to Stories (view on slashdot.org)

Survey: 2/3 of Public Sector Workers Wouldn't Report a Security Breach

Posted by Soulskill on from the time-to-hand-out-some-free-whistles dept.

An anonymous reader sends news of a survey of workers in the public sector conducted by Daisy Group, a British IT firm, which found that 64% of them would stay quiet about a security breach they noticed. The survey also found that 5% of workers admitted to disabling the password protection features on their work devices, and 20% said they don't update their passwords regularly. Daisy Group's Graham Harris said, "When it comes to data security, all too often organisations focus purely on IT processes and forget about the staff that will be using them. Human error is one of, if not the most likely source for data security issues, and fear of reprisal is a powerful force." 16% of respondents said they didn't know if data protection was an important part of their company's security practices.

4 of 150 comments (clear)

  1. comment subject here by Falos · · Score: 5, Insightful

    Do we give out points on evaluations for "fully complies with security policy every time"? No, we slam plebs with metrics and quotas, after a childhood revolving around GPAs and diploma checkboxes and life-story-in-one-page application rodeos. We've trained society to game the system and if they're giving fucks in a certain, limited fashion, it's because the world only gives fucks in a certain, limited fashion.

    Of-fucking-course they game the system. "Fear of reprisal" isn't even a core symptom.

  2. Password updating by ngc5194 · · Score: 5, Insightful

    Okay, the bit about how many folks wouldn't report a security breach is disturbing, but what's the fixation with updating passwords? I've been working in computer security for decades, and I almost never update passwords unless I'm required to or there is an incident. I'd much rather have my users pick strong passwords and not change them often than pick weak passwords because I insist they change them often. Sure, it's not just an either/or, but on the list of my concerns about system security, how frequently users update their passwords ranks WAAAAY down on the list.

  3. You're God damn right I wouldn't by Anonymous Coward · · Score: 5, Insightful

    What benefit would there be in reporting a security breach? Workers, especially in the public sector, are increasingly being treated as the enemy when they report this sort of thing. Governments have created an environment where any sort of whistle-blowing is viewed as a hostile action, and employees are often rewarded with termination, lawsuits, or jail time. Until that climate changes for the better, I'm just going to do my job and keep my fucking mouth shut.

  4. Re:Maybe because security people are dicks? by Anonymous Coward · · Score: 5, Insightful

    Actually, security's motto is "If you can do your job, we're not doing ours."