Justin du Coeur (jducoeur) wrote,
Justin du Coeur

What does this actually teach us about IT policies?

One more from Ars today: 12% of employees knowingly violate company IT policies. The fun part of the quote, though, and I suspect it is true, is "in order to get work done".

Take that at face value -- really, it doesn't surprise me. But the right conclusion to draw, I believe, isn't that employees are bad and are maliciously or carelessly violating policy. Rather, it is that IT policies are often short-sighted, and wind up hindering employees from doing their jobs. This happens all the time, in ways from overly-tight web-browsing enforcement to stupidly-frequent password-changing regulations. Overly broad or restrictive policies often necessarily force people to work around them -- and therefore wind up putting the company at *more* risk than a slightly looser (and more consistently followed) policy would have.

Okay, yes -- I'm probably preaching to the choir here. But it's a good illustration of the Law of Unintended Consequences, and why stricter rules can backfire very badly. The solution isn't tighter enforcement, it's better-chosen rules...
Tags: technology

  • Ideas for fighting Fake News

    [I'm mostly just posting links over in Facebook, but my more technical friends tend to be over here.] Here is a really excellent collection of…

  • Damn

    *Sigh*. I was sure this was possible, and was thinking for the past two weeks that it was starting to feel likely, but was really hoping otherwise. I…

  • Time to change the name of the meme?

    From cnn.com today: 'Trump went on to again attack women who have accused him of sexual assault or misconduct, saying, "every woman lied when they…

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded