A survey of 175 security professionals from across Europe revealed that as many as 94% of users prioritize employee productivity over security concerns, thereby indicating that the focus is always on getting the job done, no matter the risk.
Security vs Productivity and Innovation
Recent survey data seems to indicate that security is seen as the nemesis to productivity. In a survey of over 1,200 business and technology decision makers, 56% of respondents say that their current approach to workplace security is having a negative impact on employee productivity, and 20% report it has a highly negative effect.
A survey of 500 CISOs from large enterprises across the globe found that, on average, 11 hours a week of IT, security and help desk time is spent fielding users’ complaints and requests for access to websites, applications and documents that have been blocked by security policies or tools.
The focus on productivity – at the cost of security – is evident in the actions of both the gatekeepers and the end users.
- A broad use of admin rights. In the quest to respond to business requests and not be seen as a roadblock, IT teams are granting admin rights to a large number of end users. According to Brian Chappell at Beyond Trust, organizations are allowing too many employees to enjoy admin rights even though the practice leaves such organizations vulnerable to leaks as well as external cyber-attacks. The Beyond Trust survey revealed that even though 71% of IT professionals consider the rampant usage of admin rights a high risk factor, and a further 21% admit that such usage caused frequent security problems, 38% of them said that their organisations are allowing too many employees to enjoy admin rights for the sake of convenience and efficiency. Attacks from insiders and phishing attacks are particular threat risks when users have elevated access rights.
- A culture of workarounds. When employees are delayed or stymied in completing their work, they resort to workarounds that often introduce security vulnerabilities. Sharing logins and passwords within teams, keeping written passwords as a response to frequent password-change requests, transferring sensitive documents over a personal cloud account instead of via a secure network connection, and allowing an unbadged visitor to ‘draft’ into a facility are all examples of workarounds.
When it comes to innovating, security teams often get the reputation of being the ‘department of no’ – in direct opposition to the spirit of ‘how’ and innovation.
A survey of chief information security officers (CISOs) found that 81% say end users see corporate security policies as a hurdle to innovation.
Ensuring Productivity and Innovation While Staying Safe
Here are a few ways that security teams can partner with the business to ensure productivity and innovation:
- Illustrate the danger of workarounds. Provide awareness education that directly addresses the impact of harmful workarounds. Make it real for employees by showing what happens when passwords are shared or posted publicly, or files are exchanged outside your network.
- But plan for the workarounds. Accept that the tension between an employee’s drive to get work done and the IT team’s need to protect will not go away, and plan accordingly. To guard against the workarounds that will crop up, focus on the basics: ensure that employees have access only to data required for their job, revoke access when no longer needed, and protect data with encryption and a strong backup plan.
- Use monitoring software. Not only can user monitoring provide IT teams with alerts regarding suspicious behavior (large file downloads, outgoing emails to personal accounts, etc) and the ability to more closely watch privileged users, this software can also provide insights regarding where users are struggling with complex processes or hard-to-use software. Being able to reduce these types of roadblocks for the business turns the IT team into the department of ‘how’.
Employee Motivation Through Software: How to Boost Productivity
Keeping the Productivity Momentum in Remote Workers
Best tips for Blending Cyber Security and Productivity
Consider a Framework Approach to Link Employee Productivity and Business Performance