
Why You Need to Strike a Balance Between Security and Ease of Use

This video describes considerations needed to balance ease of use for users of the network and the level of security necessary to protect the network.
In this video, we’re talking about why you need to strike a balance between security and ease of use. Now, it’s always a little bit of a balancing act between securing your network and your users being willing to do what they need to do. Now, on one hand, our users tend to be our biggest security risk. Our users are also critical to any part of any business. And our users can also be one of our biggest assets to securing our own network. Now, the reason for this is we have a lot of users. Our users tend to outnumber the IT and security personnel on any staff. And they also tend to be the people that are being targeted directly.
If it’s not a machine, it’s not a server, it’s not a switch, it’s going to be most likely our users that are being targeted. And this is why they’re so important.
Now, the problem if we make things too restrictive, having a draconian security policy will most likely be met with resistance. Things like, well, blocking everything on the internet, having a deny all and then allowing things, that is probably going to be met with a whole lot of backlash. Making your security policies too restrictive will most likely cause employees, that just want to do their jobs, very angry. Now, making things too difficult for a user to do their job, they’re probably going to start getting mad. They’re going to most likely start ignoring a lot of security protocols. And they’re probably going to find other ways, creative ways around what you just set up, thus potentially making things worse.
Also, making a security policy that’s too confusing will likely result in no security. They’re probably going to ignore it, because they don’t understand it. They don’t understand why it’s there. Having an easy-to-follow, simple-to-understand security policy will be more likely to result in participation from your users. At the end of the day, we still need a secure network and our users.
So this is why we need to strike a balance. So create your user accounts with just enough rights to do your job. And you may need some flexibility here. Now, say, your payroll people just having them being able to access, say, Excel spreadsheet, the printer, a Word document, and a web portal to whatever financial system they have, while that may technically be enough for them to do their job is most likely going to be too restrictive. So again, you’re going to have to have some flexibility there. It’s far easier to never have given a user rights to something than to take it away.
Again, if you have, say, a really open account policy, people have admin rights, so you can add, remove, and modify folders on the network drive. They can add whatever printers. They could start installing a bunch of software on their computer that they want, custom browsers, custom wallpapers, and whatnot. And then one day you take it away. You go, well, this is way too open, I need to lock this down. You start locking down a lot of stuff, you’re going to get more backlash from your users. Versus if you figure things out ahead of time. Figure out, well, this is a direction we need to go. We need to restrict what programmes they can install.
We’re not going to allow users to install software anymore. If they want something, they need to fill out this form, and then we’ll review it and then we can install it for them. Having that set up beforehand is going to be far easier. Again, when you take something away from a user, whether they’re going to use it or not or whether they need it or not, the perception of you’re taking something away from me is going to be pretty strong with most people. And they’re not going to like it. Again, it doesn’t matter if they ever used it before. The fact that you’re taking something away that they used to have tends to get people really mad.
Be fair to your employees. At the end of the day, everyone has a job they need to perform. Provide adequate training that will work for your employees. And also, enable a way for users to report an incident or question easily. If you make it confusing or you don’t tell people how to report something, they’re not going to bother reporting the incident that they run into or if they have a security question. Once you find a balance, it should be signed off by management and be implemented and made a requirement.
Again, just having your IT technician come up with this brilliant security plan, training plan, and then throwing it out there, unfortunately, is not going to have any weight behind it. It needs to be signed off by management and management integrate it into the business practises. That way you have accountability, and you have some sort of authority behind it.
So wrapping up, your users can be your biggest security risk. They can also be your biggest security help. So make sure you train them and utilise them. There must be a balance struck between network security and workability for your users. And trying to keep it simple and engaging. Having an overly complicated security plan will most likely confuse users, and they’re not going to use it. Try to keep it simple and engaging. So in the next video, we’re going to be talking about employee reporting. Thank you for watching. I’ll see you in the next video.

This video describes the considerations needed to balance ease of use for users of the network and the level of security and restrictions necessary to protect the network.

A network’s level of security can be increased or decreased depending on what strategies you implement. However, it is important to keep the needs of your users in mind when securing your network. We will discuss striking a balance between securing your network from attacks and ensuring that approved users are still able to access sufficient resources to complete their work.

Reflect and share: Does your company have a policy regarding user levels and associated rights? Do you think it should or should not? Why? Share your comments in the section below.

This article is from the free online course Advanced Cyber Security Training: Network Security, created by FutureLearn.
