jducoeur

One more from Ars today: 12% of employees knowingly violate company IT policies. The fun part of the quote, though, and I suspect it is true, is "in order to get work done".

Take that at face value -- really, it doesn't surprise me. But the right conclusion to draw, I believe, isn't that employees are bad and are maliciously or carelessly violating policy. Rather, it is that IT policies are often short-sighted, and wind up hindering employees from doing their jobs. This happens all the time, in ways from overly-tight web-browsing enforcement to stupidly-frequent password-changing regulations. Overly broad or restrictive policies often necessarily force people to work around them -- and therefore wind up putting the company at *more* risk than a slightly looser (and more consistently followed) policy would have.

Okay, yes -- I'm probably preaching to the choir here. But it's a good illustration of the Law of Unintended Consequences, and why stricter rules can backfire very badly. The solution isn't tighter enforcement, it's better-chosen rules...

S	M	T	W	T	F	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Most Popular Tags

adobemax - 14 uses
arisia - 38 uses
artofconv - 14 uses
business - 13 uses
cats - 50 uses
comics - 51 uses
commyou - 131 uses
covid-19 - 26 uses
diary - 731 uses
ebooks - 14 uses
economics - 33 uses
economy - 28 uses
europe 2012 - 14 uses
exercise - 30 uses
games - 29 uses
geekery - 14 uses
girl genius - 28 uses
health - 12 uses
house - 37 uses
humor - 21 uses
jane - 108 uses
kickstarter - 13 uses
larp - 59 uses
law - 28 uses
links - 49 uses
lj - 28 uses
masonry - 17 uses
media - 28 uses
meme - 15 uses
memes - 29 uses
news - 17 uses
patents - 13 uses
pennsic - 36 uses
politics - 353 uses
programming - 476 uses
querki - 107 uses
recipes - 30 uses
reviews - 204 uses
sca - 326 uses
scala - 40 uses
science - 13 uses
spam - 21 uses
technology - 531 uses
troob - 27 uses
tv - 12 uses
vacation - 54 uses
via ljapp - 13 uses
wartime thoughts - 34 uses
wave - 23 uses
work - 92 uses

Flat | Top-Level Comments Only

From:

metahacker.livejournal.com

I am shocked at how low that number is.

I think if you look at the letter of the laws, approximately 100% of employees violate company IT policies.

doubleplus.livejournal.com

I suspect the key to that statistic is "knowingly." ;-) But even so, it seems low. Pretty much the only policies reliably followed at places where I've worked are those that are automatically enforced, like password changes.

jducoeur

Wouldn't surprise me if this is the proportion that *admits* to having done so.

(I actually think that most of the policies at my office are followed *relatively* reliably. But we're still a smallish company, and the security policies are, by and large, rational and well-targeted...)

dsrtao

One of the problems is measuring compliance...

metageek.livejournal.com

Right. If the policy admins can't tell if people are breaking the rules, and the employees aren't sure if they are, then how is a survey going to know? I'd put the 12% as a lower bound.

What does this actually teach us about IT policies?

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

Profile

July 2025

Most Popular Tags

Page Summary

Active Entries

Style Credit

Expand Cut Tags