Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Firewall Frustrations – Employees Complain About IT Security Policies

Workers denied access to certain websites at work are not afraid to voice their frustrations, a new survey shows.

According to a recent survey, forty percent of chief information officers (CIOs) interviewed said that it’s at least somewhat common for employees to complain about security measures that limit which websites or networks they can visit at the office.

Workers denied access to certain websites at work are not afraid to voice their frustrations, a new survey shows.

According to a recent survey, forty percent of chief information officers (CIOs) interviewed said that it’s at least somewhat common for employees to complain about security measures that limit which websites or networks they can visit at the office.

The survey was commissioned by Robert Half Technology, an IT staffing and recruitment firm, and results were based on interviews with more than 1,400 CIOs from companies across the United States with 100 or more employees.

CIOs were asked, “How common, or uncommon, is it for employees at your company to complain about IT security measures that limit their access to certain websites or networks?”

Their responses:

Very common 12%

Somewhat common 29%

Somewhat uncommon 29%

Advertisement. Scroll to continue reading.

Very uncommon 29%

Not applicable 1%

“Companies with a high volume of complaints from employees about web or network access may need to reach a compromise, particularly if overly restrictive policies are standing in the way of productivity,” said John Reed, executive director of Robert Half Technology.

Robert Half Technology offers the following tips for workers to improve their understanding of IT policies around network security and web access:

Don’t be afraid to ask. Some policies may simply be outdated and no longer make sense. Asking someone in your organization’s IT department why access is restricted is often one of the quickest ways to resolve an issue.

Make a business case. If employees can’t access a client’s website or a professional networking site that can generate business, it will probably be an easy case to make. However, if the case isn’t that straightforward, be prepared to discuss how access to a site or network will help the business grow and why it’s necessary.

Listen. Even seemingly simple requests for access may be denied, but for good reason. It’s critical that workers understand IT security professionals are concerned with security across an organization. Allowing access to certain websites, even if justified from a business perspective, could be too risky enterprise-wide.

Compromise when necessary. If you have a strong business case to relax a particular IT restriction, but your IT security team thinks the risk is still too great, be ready to ask if there is a suitable compromise.

• They might offer another solution, such as setting up a computer with Internet access, but not connected to the company’s network.

“There will always be employees who feel IT security policies are too restrictive,” Reed noted. “But in most situations, robust information security measures are necessary to protect sensitive data and an organization’s network integrity from increasingly sophisticated threats.”

Related Content: Web 2.0: Should Businesses Block or Embrace? (By Alex Thurber, McAfee)

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.