New report finds workers often ignore rules to get work done
Federal executives feel onerous cybersecurity rules and procedures make it much more difficult to do their jobs, and many often seek out less-secure ways to access information when it becomes necessary to quickly perform a task. Those are just some of the findings in a major report on government cybersecurity by the Government Business Council. The report, titled "Cybersecurity in Government: Balancing Access, Functionality and Mobility," polled more than 160 high-ranking federal executives from a variety of government agencies. Representatives from the Departments of Defense, Justice, Treasury, State, four military branches, NASA, the U.S. Postal Service, the Social Security Administration and 18 other federal entities participated in the survey, and their responses show a palpable level of frustration with current cybersecurity procedures.
When asked if cybersecurity restrictions inhibit their job performance, only 16% of respondents said they were not inhibited at all. Of the remaining 84% of federal executives who believe cybersecurity is making it more difficult to work, most say timely access to information and the basic performance of their computers are the biggest obstacles.
These challenges often force federal workers to circumvent cybersecurity rules and procedures when time- or location-sensitive tasks arise. When denied access to information they need for work, 65% of executives admit to using at least one unauthorized method to get the job done. By a wide margin, the most popular workaround to cybersecurity restrictions is the use of a non-agency device to access sensitive information or data that would otherwise be blocked by a government machine or would take too long to access. Forty-two percent of respondents say they have done this, and six percent of federal executives say they have asked a non-agency employee to access information that is otherwise forbidden.
Mobility is another major area federal executives believe is restricted by current cybersecurity measures. Sixty-one percent of the survey respondents say their agency has issued them a laptop computer, implying that work can and should be done outside the office. Of those who do work remotely, however, more than half (52%) say cybersecurity policies inhibit the efficient access to information when away from their primary workplace. The computers themselves are also hampered by cybersecurity measures, according to the executives. When asked how cybersecurity affects computer performance, 56% of those polled said they experience slow-loading websites, 52% report slow login times to online federal systems and 45% complain of slow-loading email.
Perhaps because cybersecurity measures are so strict, confidence in the level of security provided is high among federal executives, although that confidence varies greatly based on a worker's location. Overall, 75% of survey respondents express confidence in the security of data inside their particular federal agency's building. However, confidence outside the building falls dramatically to 49%, a major concern considering 64% of polled executives work remotely at least one day per week.
Source: Government Business Council report, "Cybersecurity in Government: Balancing Access, Functionality and Mobility."