During the pandemic, many businesses had people working from home. This was something that had to happen, so it is not surprising to see that companies ignored security when it came to remote work. For these businesses, they had a to continue operations, so they had to but security behind operations. This opens a discussion about security and business operations and how they can work against each other.

HP Wolf Security did a study about IT departments during the COVID-19 pandemic. They found that 91% of decision makers from IT departments felt like they had to compromise security during the pandemic to continue business operations. The study also found that 48% of office workers feel that security measures were a waste of time. This is alarming because the security measures are put in place for a reason, to not only protect the business but also the consumers.

Another alarming stat was that 31% of younger office workers (18-24 years old) tried to bypass the security measures to get work done. In the same age group, 54% felt that meeting deadlines were more important than the security measures. This pressure to get work done, and in turn putting data at risk, is worrisome for businesses. The pressure and short-term gains from meeting certain deadlines might be not outweigh the issues of a data breach.

Continuing with the same age group, 39% did not know what the security policies were or that they existed. This is where the statistics above come from. Workers are not properly being instructed to what the security policies are and why they are important. Without the knowledge of this, these workers cannot understand the issue of what they are doing because they do not know the importance. Workers want to meet their deadlines and get work done, and if they do not know and understand the importance of the security policies, they will prioritize getting their work done.

The last statistic that is related to ones above but isn’t about a specific age group is that 37% of office workers felt that security policies are too restrictive. Additionally, “80% of IT teams experienced push back from users who do not like controls being put on them at home.” This is connected to the idea before that the workers are not properly informed about the importance of the security policies. So, what can be done?

Businesses can begin to have technology and security literacy. Informing the workers why these policies are important and what their purpose is, they can help reduce the number of workers avoiding and bypassing security policies. Furthermore, teaching workers about the different security risks and signs of them could help prevent or minimize the risk and damage of a data/security breach.