
Let someone break the rules to improve security

Michael Santarcangelo | Sept. 18, 2012
"Daddy, can I stay up late tonight?"

Engage in a conversation, not a lecture; learn from their experience and use it as a basis to reach a common understanding on the purpose of the rule.

For example, a global organization recently implemented web filtering. Anticipating backlash, they instituted a policy that allowed anyone to request a blanket exemption for up to five days.

Surprisingly, just the existence of the policy -- of the potential to break the rule -- increased compliance: few people made temporary requests, and even fewer sought permanent exemptions.

But it gets better: the common reason for an exemption was the inability to reach common sites (like Google, LinkedIn and Facebook). Those requests got a personal, signed response explaining that the sites weren't actually blocked and offering some potential reasons (spyware, adware, virus, misconfiguration, etc.) the attempt failed.

This generally led to a brief, engaging conversation about the problem and guidance on how to get resolution. As a result, a problem was solved, the value of the system understood and the request for exemption withdrawn.

Letting someone break the rules, or just offering them the chance, is a simple way to increase contextual understanding of the purpose of the rule in the first place. With better understanding comes better compliance. Follow the three simple steps above, and let me know how it works for you when you try it.


