Harvard study reveals reasons employees violate cybersecurity policies (and what your RIA can do about it)

Harvard study reveals reasons employees violate cybersecurity policies (and what your RIA can do about it)

Most people who work in the financial industry are aware of the importance of cybersecurity. After all, a breach of client information can be devastating for any registered investment advisor (RIA) or financial advisor. However, awareness isn’t enough to protect against cyberthreats, especially when you consider the ever-changing nature of cybersecurity threats and regulations.

One reason for this may be that employees often violate cybersecurity policies without even realizing it. A recent Harvard Business Review (HBR) study suggests that many people who violate security conventions don’t do it out of malice. Rather, they do it because they believe following the rules to the letter would impede their ability to do their job effectively. What’s more, the stress they experience on a daily basis further reduces their tolerance for rules that seem to get in the way of doing their work.

Let’s take a closer look at this study and discuss some ways to help you reduce the risk of policy violations within your own RIA or financial advisory firm.

Related reading: Does your RIA have a hybrid work environment? Make sure it’s secure

The Harvard Business Review study

In their study of over 330 remote employees from different industries, HBR asked participants to keep track of their day-to-day stress levels and compliance with cybersecurity policies for two weeks. They found that employees didn’t consistently adhere to the policies, with 67% failing to fully comply at least once during the course of the study. The top reasons for participants breaching protocol were “to better accomplish tasks for my job,” “to get something I needed,” and “to help others get their work done.”

What’s more, the study discovered that people were far more likely to deliberately violate cybersecurity policies on days when they were feeling more stressed. Participants cited home duties, job uncertainty, and the demands of the cybersecurity policies themselves as the common sources of their stress. They also reported that they were more likely to violate rules when they felt that following them would “hinder productivity,” “require extra time or energy,” or “make them feel like they were constantly being monitored.”

This isn’t surprising when you consider that most people have been working from home for nearly two years now, and many are still dealing with the same issues they’ve had from the beginning. The pandemic has forced employees to juggle work, child care, and school at the same time. With so much going on in their lives outside of work, it’s easy to see how they could get stressed out and start cutting corners, especially when it comes to cybersecurity policies. Such policies can be seen as restrictive and preventing employees from doing their jobs, so much so that they will ignore them rather than risk falling behind on deadlines or even losing their jobs altogether.

Unfortunately, the consequences of violating cybersecurity policies can be severe. A data breach can not only damage your firm’s reputation, but it can also lead to financial losses, decreased client satisfaction and trust, and even lawsuits. That’s why it’s essential to take steps to reduce the chances of violations happening in the first place.

Related reading: The cost of a ransomware breach at your RIA

Tips for reducing the risk of protocol violations

Here are some measures your RIA or financial advisory firm can take to keep employees from violating cybersecurity policies:

  • Clarify the purpose behind the security policies. It’s important for your RIAs and staff to understand why certain rules exist and what they are meant to prevent. If they don’t fully comprehend the rationale behind these rules, they can start to view them as arbitrary and unnecessary.
  • Provide training and education. Cybersecurity policies can be confusing and complex, especially for those who are not tech-savvy. Make sure you provide everyone in your firm with the necessary training and education so they understand the policies and their responsibilities with regard to them. By making it easier for them to follow procedures, you can reduce the chances of them violating protocols out of ignorance or frustration.
  • Help manage employee stress levels. While you can’t control everything that happens outside of work, it’s important to address the stressors within your firm. Consider implementing employee wellness programs and other initiatives to help people manage their workloads, including flexible working hours or time off as needed.
  • Empower employees with the right resources for compliance. Technology is your friend when it comes to the enforcement of cybersecurity policies, particularly if you’re working in a distributed environment where there’s no one watching over people’s shoulders at all times. Consider investing in technology that can help ensure security while also providing RIAs and staff with the flexibility they need to do their jobs.

Ultimately, it’s important to remember that cybersecurity policies are in place for a reason and that most employees want to comply with them. Unfortunately, stress can often lead to people making bad decisions, so it’s important to create an environment where compliance is both encouraged and possible.

By taking the necessary steps to reduce stress levels and provide training, education, and resources for employees, you can create a culture of compliance within your RIA or financial advisory firm. This will not only help keep data safe from hackers but also protect against unintentional breaches due to well-meaning mistakes made by those who may be feeling overwhelmed or overworked.

RIA WorkSpace can help ensure that your RIAs and staff have the technology they need to adhere to cybersecurity policies. Contact us today to see how we can help.