Security Workarounds Meant to Boost Productivity Put Companies at Greater Risk

Why C-Level Execs Should Care More About IT Security

Security protocols are put in place to protect business interests. But are these security protocols also hurting your business?

Having a good security infrastructure in place is absolutely necessary in today’s work environment, but a new Dell study shows that good security has a negative impact on employee productivity.

Even worse, it appears that employees don’t like the restrictions imposed by security protocols because too many of them are using workaround strategies to avoid them; this, said 70 percent of the respondents, is creating the greatest security risk.

I suspect a lot of these security workarounds are happening when employees are working remotely. According to the study, a whopping 92 percent said that the extra security often required for remote work creates a negative impact on productivity (I’m thinking things like using a VPN, but then, I know people who get annoyed using a security code to lock their phone).

I think this quote by Bill Evans, senior director of Product Marketing at Dell Software, in an eSecurity Planet article pretty well sums up the issue with workers and their love/hate relationship with security:

Sure, workers believe security is important, just so long as it doesn’t affect their day-to-day activity, then it’s a nuisance. It’s the age-old battle. Workers are all for security and doing the right thing, but that right thing is not more important to them than doing the right thing of getting their job done.

This study came out at the same time as a study by MeriTalk that revealed similar security protocol concerns within federal agencies, where insider threats are a very serious problem. According an eWeek article:

The survey found 51 percent of respondents say it is common for employees to not follow appropriate protocols, and 40 percent say unauthorized employees access government information they shouldn’t at least once weekly – putting their agencies at significant risk.

Clearly companies need to institute good security tools, but they are pointless if employees aren’t using them. So how do you get employees to work with you to use the security measures in place? One way is to improve education and training, making it more specialized so that each employee understands his or her role in keeping data safe.

Tara Seals wrote in Info-Security Magazine that context is important, too:

IT is interested in transitioning to an approach that puts context surrounding each access request and adapts security requirements accordingly. . . . Without context, IT faces difficulty in quickly addressing changing security needs and an inability to analyze how/why restrictions are managed to improve worker productivity.

Or, in other words, it is all about making sure that employees still have some level of convenience when using their devices, while IT is able to make adjustments to security concerns in real time, addressing needs as they happen rather than using the one-size-fits-all methods. A great idea, but perhaps easier said than done. But by not making adjustments, employees will continue to go rogue and put the company at risk.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba