New Survey: Employees Complain About IT Security Policies

by VPNHaus | 08/26/2010 |IT policy

You know the scenario, you implement your organization’s security policy, and then within minutes can hear employees groaning and mumbling about IT. According to a new survey, employees don’t just complain to each other – they are now complaining directly to IT.

Four in 10 CIOs interviewed for the Robert Half Technology survey said that it's at least “somewhat common for employees to complain about security measures that limit which websites or networks they can visit at the office.”

IT professionals have long grappled with being the organization’s “bad guys,” limiting access and denying service to frustrated employees. To dodge outright mutiny, IT professionals can help employees better understand why we have to restrict and monitor what they do. To do this, we’ve turned the survey's suggestions for employees confronting IT administrators on its head to make the list for IT professionals.

  • Be Open to Questions. Nobody likes to be told policies exist “just because.” If an employee wants to know why a certain site or network is restricted, tell them why. And if they’re not super tech-savvy, do so in laymen’s terms. The answer can be simple, but fostering this dialogue will make employees more comfortable with restrictions.

  • Listen to Business Cases. IT professionals are sometimes so far removed from the rest of the organization, they don’t understand why blocking certain sites and networks is detrimental to business. When employees are making legitimate business cases to change the IT policy, listen. We’ve heard stories of IT departments blocking social media channels at news organizations, leaving reporters scrambling on their mobile devices to catch up on breaking news stories.

  • Explain Your Role. Let employees know that your job isn’t to deny them access to “fun” sites, it’s to protect the organization’s security. The better they understand your role, the more the policies will make sense.

  • Be flexible. When possible, work with the employees. For example, set up one computer in the office that isn’t restricted so employees can occasionally access restricted sites. Compromises like this go a long way in helping employees make peace with IT security policies.