It's Just Results knows that the best solutions and ideas come from teams. We prefer working with collaborative and innovative partners in security and compliance. One of our partners is ThreatSwitch.
This is the second post created in partnership with ThreatSwitch, a cloud-based industrial security compliance solution that aims to radically simplify and automate high volume, data-intensive, and administrative tasks. Please visit threatswitch.com to learn more.
ThreatSwitch invited us to continue to participate in their Partner Perspective series. The focus of the series is to share insights that you can use to improve your own security program and security policies.
Not following Policies is Common
A 2018 Kaspersky Labs study found that only 12% of employees know of an organization’s security policies and rules. This same survey said 24% of employees believe that the organization they work for does not have security policies.
Many companies have employees who are not aware of the company’s expectations of their behavior. The only way for staff to know their responsibility and their role in meeting security requirements is for these requirements to be documented, communicated, and shared. A written document establishes explicit activities and guidelines for employees to follow but without staff participation, a company’s security posture will be deficient.
10 Reasons Why Employees are Not Applying Policies
In response to policy challenges, we've worked with business leadership and staff to identify the top reasons why employees are not engaging with security policies:
Designing Policies that Engage Employees
Getting all of your employees engaged with your policies might seem like an impossible task, but don't give up quite yet! To improve policy development speed, implementation, use, and buy-in, incorporate these critical variables:
In addition to the basic policy requirements listed above, we recommend including the Center for Internet Securities (CIS) 20 controls. The controls are updated every few years and can be found for free download at https://www.cisecurity.org/controls/. It is generally accepted that these controls address 85% of the cyber threats companies face.
Do your policies include these security controls? If not, you have a likely security gap and will need to make decisions and codify them in your new or revised policies.
Businesses today are under relentless pressure to protect their security and maintain compliance. Cybercriminals are growing more sophisticated, and traditional defenses are no longer enough. The need for carefully developed policies that protect data, systems, and operations has never been more urgent.
One strategy that’s gaining traction is the adoption of zero trust policies. For businesses that demand clear, actionable results in compliance and security, zero trust provides a framework that mitigates risk and strengthens security posture.
At It's Just Results, we collaborate with business leaders who value efficiency, clarity, and real outcomes. Understanding zero trust and embedding it into policy development can mean the difference between effective security and catastrophic breaches.
Zero trust policies operate on a straightforward principle: "never trust, always verify." This model assumes that no user or device—whether inside or outside the network—is trustworthy by default. Instead, access is granted only through continuous verification and strict controls.
Unlike traditional security models that rely on a defined perimeter, zero trust treats threats as both internal and external. Each access request is evaluated independently, ensuring that only verified and authorized users can reach sensitive data or systems. This approach minimizes the potential impact of a breach and reduces vulnerable entry points.
Compliance means adhering to regulations, safeguarding sensitive data, and ensuring that systems meet established standards. Without a clear policy development process, maintaining compliance is next to impossible. Policies dictate how an organization handles security, data privacy, and risk management.
Zero trust policies are pivotal to modern compliance strategies. Regulations such as GDPR, HIPAA, and CMMC demand rigorous da ta protection and controlled access. Zero trust helps businesses meet these requirements by:
Developing zero trust policies goes beyond technology. It requires a structured approach that aligns security goals with compliance needs. Here are key elements to consider:
For business leaders focused on compliance and security, zero trust policies offer a straightforward way to achieve both. By eliminating blind trust and enforcing continuous verification, zero trust reduces risk, safeguards data, and supports compliance with industry regulations.
At It's Just Results, we know you need solutions that are practical, affordable, and effective. Zero trust policies aren't about adding complexity; they simplify security by making trust explicit and verifiable. This no-nonsense approach helps you meet compliance requirements without the confusion of convoluted frameworks.
Outdated policies leave you vulnerable. Embrace zero trust and create a resilient, compliant business environment. Contact us today to discover how we can develop zero trust policies that get the results you need.