![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
jducoeurOne more from Ars today: 12% of employees knowingly violate company IT policies. The fun part of the quote, though, and I suspect it is true, is "in order to get work done".
Take that at face value -- really, it doesn't surprise me. But the right conclusion to draw, I believe, isn't that employees are bad and are maliciously or carelessly violating policy. Rather, it is that IT policies are often short-sighted, and wind up hindering employees from doing their jobs. This happens all the time, in ways from overly-tight web-browsing enforcement to stupidly-frequent password-changing regulations. Overly broad or restrictive policies often necessarily force people to work around them -- and therefore wind up putting the company at *more* risk than a slightly looser (and more consistently followed) policy would have.
Okay, yes -- I'm probably preaching to the choir here. But it's a good illustration of the Law of Unintended Consequences, and why stricter rules can backfire very badly. The solution isn't tighter enforcement, it's better-chosen rules...
Take that at face value -- really, it doesn't surprise me. But the right conclusion to draw, I believe, isn't that employees are bad and are maliciously or carelessly violating policy. Rather, it is that IT policies are often short-sighted, and wind up hindering employees from doing their jobs. This happens all the time, in ways from overly-tight web-browsing enforcement to stupidly-frequent password-changing regulations. Overly broad or restrictive policies often necessarily force people to work around them -- and therefore wind up putting the company at *more* risk than a slightly looser (and more consistently followed) policy would have.
Okay, yes -- I'm probably preaching to the choir here. But it's a good illustration of the Law of Unintended Consequences, and why stricter rules can backfire very badly. The solution isn't tighter enforcement, it's better-chosen rules...