Why people bypass security here

There was a security briefing at work recently, and it left me with the feeling that the people coming up with the policies have not really understood why some people try to work around the measures they come up with. I admit that there will always be people who will do it out of ignorance, laziness or malice, but some times it can be mitigated.

• Resources are not allocated or are insufficient. Example, if the company decides that workers cannot bring in their own thumb-drives and must use company-issued ones, then the company must provide it. If sharing of PCs is not allowed, then everyone should have their own working PC. If only tested software from the software repository can be used, then workers must be able to access it. Otherwise, workers will need to find some way to get their work done, many times against the security policy.


• Management must take the request for resources by their staff seriously and provide solutions to them. If a worker has requested for a thumb-drive but has not been issued after an extensive period, he will just bring in his own.