In a recent survey, 69% of younger office workers stated that they feel entitled to access personal e-mail and websites at work. For experienced IT professionals, this kind of attitude underscores the challenges of developing flexible computer security policies at work. On one hand, IT managers must maintain the integrity of company and customer information. At the same time, more system administrators are being asked to make compromises in the name of accommodating workers.
For IT managers charged with developing flexible computer security policies, experts recommend four key steps in the process:
1. Invest in Ongoing Professional Development
The need to remain flexible should drive the selection of courses, degrees, and other career training topics for IT personnel. Meanwhile, IT administrators can make it easier for other employees to meet them halfway by adopting a coaching mindset. Offering opportunities for employees to use their preferred websites during approved break periods and in a secure context can generate tremendous goodwill between IT departments and other staff.
2. Choose Modular Software and Equipment
Over the past decade, most hardware and software vendors have integrated flexible security modules into their designs. In many cases, a firmware upgrade or an operating system patch can combat the latest, emerging threat. This way, infrastructure investments can remain useful over longer periods of time while still accommodating evolving uses for network tools.
3. Clarify Real Computer Security Threats
Some organizations spend thousands of dollars on network security, even though employees can move data in and out of systems using tiny, inexpensive USB drives. Surveying users for the ways that they really use office networks can reveal major areas of opportunity while taking the pressure off managing perceived threats.
4. Align Flexible Computer Security Policies with Business Goals
As online tools and services become more integrated with daily activities in the enterprise, effective IT managers can find ways to maintain security while accommodating business needs. Virtualized desktops, web-based applications, and VPN access all represent methods that IT departments have used to open access to end users while maintaining flexibility and portability.