Users Frustrated with IT Security Policies

Do the end-users at your company complain about what they perceive as restrictive IT security policies? A recent survey commissioned by IT staffing firm Robert Half Technology (News - Alert) found a hefty percentage of users unhappy about limits placed on what websites or networks they can access on the job.

Conducted for Robert Half by an independent research firm, the survey questioned 1,400 CIOs across a range of U.S. companies with 100 or more employees. Among those interviewed, four out of 10 CIOs said it’s at least somewhat common for employees to complain about tight security.

Specifically, the CIOs were asked the following question:, "How common, or uncommon, is it for employees at your company to complain about IT security measures that limit their access to certain websites or networks?” Among the CIOs, 12 percent said it’s very common, 29 percent said somewhat common, 29 percent said somewhat uncommon, and 29 percent said very uncommon.

Employees could be upset over security policies due to a couple of reasons, according to Robert Half. In some cases, they may simply not understand that tight polices are needed to protect corporate data and networks from the array of security threats hitting the business world today. But in other cases, companies hearing a lot of complaints may need to look at their policies to see if they’re too restrictive, and if so, think about reaching a compromise.

To help both sides of the fence, Robert Half offered a few recommendations for end-users bumping into tight security limitations.

Users shouldn’t be afraid to ask about a security policy. Some policies may be outdated and no longer make sense in today’s business climate. Asking the IT department about a certain restriction can more quickly lead to a resolution than simply complaining about it.

Users should be prepared to make a business case. If employees can’t access certain social networks or other Websites that can generate more business, they may not have a tough case to make. But in other situations that aren’t as straightforward, the user should be ready to explain why access to a certain site or network is needed to help the business.

Users should also be prepared to compromise when needed. If employees run into resistance on the part of IT to allow access to a certain site, they should be ready to ask if a compromise can be reached. For example, IT might be able to set up another computer that’s not connected to the corporate network but still has Internet access.

Finally, users should be willing to listen to IT. It can be frustrating when even simple requests for access are denied. But such restrictions are usually in place for good reason. It’s important for employees to understand that IT ultimately is responsible for overall network and data security for the good of the company.