Security Or Usability

In a recent report 68% of employees admitted to bypassing their employers’ information security policies. While few details were forthcoming on exactly what had been done, there were some anecdotal points. Using USB sticks to take data home to work on, printing out reports and then not disposing of them correctly. The list all seems ‘reasonable’ after all people have to do their jobs - don’t they?

Herein lies the issue, security controls (and security in general) is often implemented at the expense of usability and work process. If we are to see a change in attitude we need to encourage change and understanding from the top down. If employees need to take work home, then companies need to buy adequate equipment and security technology for them to do that - otherwise, they will just have to put up with the work taking longer.

Work practices have to change if we are to protect information and that isn’t going to happen overnight. If processes are awkward or overly time consiming then people will work around them - regardless of the consequences. Often they don’t know what the real consequences are. The time to educate is now - from the top to the bottom.

April 8, 2008 | Filed Under security 

comments

Leave a Reply