Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Good security policies key to retaining talent, according to Telus-Rotman study

Good security policies key to retaining talent, according to Telus-Rotman study 

It also found that businesses that said “yes” to new technologies were more likely to be successful than those that said “no.”

“The ones that were the most secure were the ones that said ‘yes’ to the technologies, because they provided awareness training,” said Walid Hejazi, professor, Business Economics, Rotman School of Business. “When an organization says ‘no’ to a new technology, they have to be able to explain to the employees or the stakeholders why the policy is in place.”

Based on responses collected from more than 400 Canadian security professionals, the study found that businesses that can successfully balance innovation with stringent security are more likely to be successful in three key areas: employee retention, mobile security, and advanced threats.

“To retain their people, organizations need to be able to explain why the policies exist,” said Hernan Barros, Director, Security Services, TELUS Security Solutions. “Organizations that say ‘yes’ have a better chance of retaining skilled individuals. Skilled resources are attracted to organizations that have the same values they do.”

Hejazi and Barros outlined four criteria for a security responsible organization: the ability to look beyond compliance when focusing on risk; the ability to hire and retain the best skill and expertise; the ability to adjust policies whenever new technologies are brought in; and the ability to educate employees about security policies so that they do not try to circumvent them.

Surprisingly, the results also showed a surge in the number of reported breaches in governments, in contrast with a general decrease in breaches in the private sector. Hejazi noted that there are three possible explanations for this development.

Salaries tend to be lower in government, so they often have difficulty retaining their talent. Most security professionals who start out in the government eventually leave for the private sector.

Governments also tend to invest in highly complex IT environments, which make them difficult to manage and may create more vulnerabilities for attackers to exploit. And, of course, governments are an ideal target for cybercriminals.

“The government is a repository of so much information, so they become targets of sophisticated hackers,” said Hejazi. “They’re a bigger target, and they have difficulty retaining [talent], but they have a better ability to identify breaches.”

Overall, the study found that 60 per cent of organizations are security responsible, but Barros and Hejazi want the business world to know there is always room for improvement. They hope that, through this study, Canadian businesses can equip themselves with the tools and knowledge they need to become security responsible.

“Canadian companies that ignore security responsible practices put themselves at risk,” said Barros. “There is a lot at stake in not becoming security responsible. ‘Yes’ organizations are twice as likely to have a high security responsible rating. The data shows you can be a ‘no’ organization, but you have to do it responsibly and you can get good results. There needs to be a focus on managing risk regardless of technology decisions.”

The full study can be read here.

{module Gone in 60 seconds}

Related posts