Is Your IT Security Policy Hampering Employee Productivity?
In past posts, I’ve discussed how important it is for companies to focus on their IT security strategy. When strategy becomes too rigid, however, employees pay the price. Accessibility issues create extra work for the help desk, slowing a company’s productivity. How do you balance security and productivity? The two don’t have to work against each other. You can protect the company assets while engaging your mobile workforce and encouraging maximum productivity. Here’s how.
Adapt to the Modern Network
In the past decade, managing a company’s network has become a juggling act of securing mobile devices – phones, tablets, even printers. Once you embrace the bring-your-own-device (BYOD) movement as today’s reality, you can work toward finding the sweet spot between security and productivity. Managing a modern network hinges on some simple best practices:
- Figure out what you need to protect
- Understand who you’re protecting it from
- Determine is the likelihood of a threat
- Implement cost-effective security measures
- Adjust your strategy periodically to balance threat level and cost-efficiency
Unfortunately, you can’t build a network management strategy on these principles alone. The BYOD concept has thrown a wrench into the time-honored analyze-secure-revise system, especially when you consider that the lifespan of the average smartphone is around 18 months, and each user has a unique operating system and software capabilities. Adapting to the modern network requires adding two different dimensions to the initial best practices – permissions and confidence.
Choose Your Permissions Wisely
Deciding what an employee’s devices can and cannot access is key to striking the balance between productivity and protecting company assets. Start with compliance with industry laws and regulations, and then consider your company’s specific needs and your available workforce. As the CIO, you’ll have to make some tough decisions about who gets access to what by balancing two seemingly competing forces: employee productivity and company safety. Each decision you make when granting permissions is an exercise in choosing the greater good.
Keep in mind: Lost productivity doesn’t just hamper employees using the devices. One survey found that 41 percent of IT security professionals were unhappy with their current security solutions not because it left them vulnerable, but because it slowed down the system, reducing overall productivity.
Another study found that 52 percent of employees and organizations sacrifice security in favor of productivity through mobile use. Making security measures easy to implement, maintain, and use can help strike that important balance between security and productivity.
Simplify the Enrollment Process
Once you know what devices you need to enroll, determine how to onboard each device simply and securely. If enrollment isn’t easy for employees, they won’t do it, and that leaves your network unprotected. Your IT department should be able to add devices remotely, so employees don’t swamp your tech department’s help desk during onboarding. Simplify things further with a self-service employee portal, where passwords can be re-set, GPS can locate lost devices, and devices can be wiped remotely.
Make the Tough Decisions
There’s no one-size-fits-all solution for striking a balance between company productivity and security. CIOs are in the uncomfortable position of trying to develop security systems for networks that encompass a variety of devices within a budget that makes the accounting department happy, too. Essentially, this situation pulls us in three directions, and there’s no simple answer.
Making appropriate, well-balanced security decisions hinges on aligning priorities across departments through solid communication. Department heads, as a team, must come up with an acceptable arrangement for security level, complexity, and cost. As CIO, it’s up to you to implement these ideas. The answer to these questions should guide your decision:
- Who is the threat from?
- How likely are they to attack?
- How much will it cost to protect the company?
Review your strategy periodically and revise as necessary.
With Challenges Come Opportunities
We may mourn the days when system security was simpler, but the BYOD movement is exciting. It presents unique challenges but also opportunities. Expect mobile engagement to increase in the coming years (some number crunchers predict that 50 percent of businesses will engage in a mobile-only format in the next few years). Adjust your strategy to match technology’s pace and keep a running dialogue with other departments to assess priorities. Treading the fine line between productivity and security is time-consuming, but it’s worth the effort.