Balancing enforcement and
business productivity
At this point, it seems a significant
problem is that many employees don’t
fear breaking policies. When they
aren’t enforced and the consequences
of defying them have not been
communicated, what is there to fear?
However, no policy has ever been made
to be broken and with increasingly fewer
people following the restrictions and
regulations, it is only becoming more
complicated or costly to enforce them.
On the flip side, it’s possible that it could
be security teams who are complacent
when it comes to enforcement.
64
It’s imperative that
businesses educate
their employees
about the growing
cyberthreat to
reduce the risk that
they fall victim to
an attack.
A set of policies might be put in place to
appease executives or board members
but an IT team not supportive of the
initiative could have no actual intention
of implementing them.
Another possibility is that
inconsistencies in enforcement create
a situation where no enforcement
seems like a better decision. Imagine
a situation where one employee was
written up for using a non-approved
cloud storage platform but he/she knows
that numerous other employees are also
using it and aren’t being punished. This
would serve only to create resentment
towards the security team and would
Issue 14
|
www.intelligentciso.com