It shouldn\u2019t come as a shock that in a recent CIO.com study on\u00a0What Keeps CIOs Awake at Night, security planning is listed as the lowest priority for budget cuts in 2015. Here\u2019s why: it seems that every time I turn on the global news, I am hearing about yet another security breach or cyber-attack. Whether it is\u00a0Sony who was hacked, releasing thousands of emails, or Morgan Stanley\u00a0where a rogue employee allegedly stole account information for the wealthiest 10% of clients, security \u2013 or the lack thereof \u2013 is a hot topic.\n\n\nSecurity \u2013 Playing the Odds\n\n\nSecurity risks vary in source, size and breadth, leaving organizations to ask, \u201cWhat security breach would do us the most damage? And how can we either prevent it, or mitigate its impact?\u201d\n\n\nSecurity investments are traditionally about playing the odds: it\u2019s an endless game of \u201cwhat ifs.\u201d So to help you determine where to invest next, I\u2019m going to share with you what I believe are\u00a0five security \u201ctruths\u201d\u00a0\u2013 just some things for you to consider as you continue securing your increasingly digital workforce. This blog series is a complement to our recent whitepaper \u201cMore Security, Less Friction."\n\n\nNow let\u2019s get started with truth #1\u2026\n\n\nSecurity Isn\u2019t Just About Things. It\u2019s About People.\n\n\nAn\u00a0ITIC Security Deployment Trends\u00a0survey discovered\u00a0that \u201c80% of survey participants said the\u00a0carelessness of end users\u00a0pose the biggest threat to organizational security.\u201d\u00a0I find that in many organizations there is big investment in building firewalls to protect the IT infrastructure, securing the desktops through anti-virus software, and other defenses from hackers who are targeting physical devices.\u00a0But isn\u2019t it even more vital to secure against the very thing that generates the most risk?\n\n\nHow about people?\u00a0That\u2019s right. Your own fellow workers just might be your Achilles\u2019 heel.\n\n\nThink about your own home for a moment. You can have the best home security system, video cameras at every key vantage point, and the most impregnable locks money can buy. But what if your kids don\u2019t set the alarm when they leave home? And can you be certain your house cleaner doesn\u2019t share your garage door code with anyone else? What happens to all that security when simple human carelessness intervenes?\n\n\nYou\u2019ve got the same problem in your organization. Employees share passwords trying to \u201cdo the right thing\u201d save the company a few dollars on software licenses. People are temporarily granted elevated privileges for a specific project \u2013 but their rights are never revoked. Employees introduce malware by opening executable files they think are printer drivers or \u201csafe\u201d software.\n\n\nIt Starts with the Best of Intentions\n\n\nAll too often \u2013 while your fellow workers may have the best of intentions, and are just trying to get things done faster and more cheaply \u2013 they\u2019re putting you and your company at risk through sheer carelessness. And with the workforce becoming more mobile and more independent (after all, consumer-oriented cloud solutions are just a credit card away), your risk of exposure is growing by the minute.\u00a0Employees don\u2019t think about security first. They think about business productivity and their own individual performance.\n\n\nHow People-focused is Your Security?\n\n\nSo how are you securing your organization from your people? And are your current measures good enough? Here are a few questions to think about:\n\n\nHow many people have full administrative rights over their workspaces?\nDo we whitelist the sites our employees visit or the executables they open?\nAre there limitations on 3rd\u00a0party devices (like USB drives)?\nWhen someone leaves the company is their access to services and apps revoked? Immediately? Even from cloud-based services?\nCan people access privileged apps and information from any device, from any location, and with any Wi-Fi connection? How about from that Starbucks down the street, for example?\n\n\nThese questions will help point to gaps in your security \u2013 gaps that can be created by any one of the people who pull into your office parking lot each day. So ask yourself: can I protect my organization from my fellow workers in each of these scenarios?\n\n\nWhen it comes to security, \u201cpeople first\u201d doesn\u2019t mean \u201clet them do what they want.\u201d But it doesn\u2019t have to mean \u201clock them down\u201d either. Soon we\u2019ll take a look at truth #2:\u00a0Security can\u2019t come at the cost of user enablement.\u00a0And that\u2019s when the need for the organization\u2019s security can come into serious conflict with that most basic of organizational imperatives: productivity. Watch the on-demand webinar to learn how to successfully equip and empower the digital workforce from Day One.