I have heard enough about how security practices keep users from being productive. I constantly hear people complain about the evils of complex passwords (or any password on a smart phone), password expiration, encryption, web filters, lack of admin access on laptops, etc., and how they are such a drag on user productivity and the bottom line.
When’s the last time users and management considered how the following “normal” practices during work hours or on company-provided equipment impact user productivity and costs?
- Local and long-distance calls to family and friends (including texting).
- Hours spent surfing shopping, news, porn sites, and personal email.
- Time spent at the water cooler or on extra long lunches.
- Wear and tear on multifunction printers producing non-work related materials (including toner and paper).
- All the office supplies (and in some organizations, toilet paper and coffee) that end up at home.
- Cost in dollars and hours of replacing a mobile device that a user left in a taxi or dropped in a toilet.
The kicker is that no one realizes the difference between security practices and the list of time/dollar wasters listed above: security contributes to the business; the losses listed above have no upside. Which of these categories cost the business more?
Security antagonists love to categorize and track all the problems, hours, and dollars that security costs. What about the other issues that may be costing as much or much more?
Security is just easier to target, gather statistics on, and it already irritates people. Thank goodness for regulations. Remember the days when hardly anyone did security?
How do users waste time at your organization?
I pushed a ton of buttons in this short post. If you don’t have any comments on this topic, you either don’t work in audit or security, are shy, or feel guilty about all the stolen coffee you drink at home. :)