A recent survey conducted by Government Business Council shows that many officials in government agencies think information security is a barrier to increased productivity.The survey references blocked websites that prevents access to needed information and inability to effectively work remotely (presumably due to security limitations) as the primary pain points. An interesting but unsurprising side effect noted in the survey was that user’s who are blocked from getting information in one method will sometimes resort to utilizing less secure methods to access the information.
How do your users feel about information security impacting their productivity? If you have not asked recently through informal checks or surveys you may be surprised. They likely feel the same way and may be taking additional risk to access the information they are trying to get. It is important to balance information security protection with usability to ensure you are not missing opportunity or limiting productivity.
Some things to consider
- Information security requires continual education and engagement with your user community. It involves a give and take where you must educate and inform but also listen to feedback to ensure you have not set up unneeded barriers that negatively impact productivity
- As much as possible schedule security scans to occur at a less than peak time to minimize disruption. When this time is will vary by company so plan it based on your business requirements
- If you have implemented web filtering create a feedback loop so you can learn about web sites needed for business use that are being blocked inappropriately. Evaluate and take action as appropriate to show that you are listening and care about business requirements. This is an important step to building trust that will help further all of your information security objectives later on.
- Remember when people think security is a barrier they will be creative and potentially use unauthorized methods to get what they need. It is better to understand what user pain points are and help them be removed vs. giving an incentive to get around the barriers that could cause a big exposure.
In closing, be sure to build a relationship with your users so you can find out how they really feel and validate that your information security program is meeting business requirements.