Security vs Productivity: When Secure Becomes too Secure?

For companies around the world, cyber-attacks are a constant threat, one which they attempt to avoid at all costs. According to the World Economic Forum, being concerned about cyber-attacks it is one of the top ten things that keep executives awake at night even more so than a fear of terrorist attacks. In Canada, cyber-attacks were the number one recognized risk, followed by asset bubble and failure of climate change adaption.

However, with IT security aimed at preventing cyber-attacks, there is such a thing as too locked down. Not allowing employees a certain degree of technological freedom such as installing software, downloading apps, or choosing their web browser, can negatively affect their productivity instead of the initial aim which is to keep them cyber-safe.  When rules and policies gradually become more restrictive, they soon are too rigid to allow the company to compete and innovate in an already competitive landscape.

How to strike a balance?

The key to strike a balance between secure and too secure is manageability. Deploying dedicated security hardware that is either integrated into the network or consolidated into an all-in-one security appliance. IT security efficiency can be improved by consolidating systems and data under the central control of the IT team and so guard against cyber-attacks and still make sure not to stifle employee innovation or creativity.

This post by no means advocates that companies should slack in harnessing themselves against cyber-attacks in the best way they can, but they should do so intelligently and balanced. It’s a fact that many organizations are not sufficiently secured, and they should indeed sharpen their understanding of cyber risks. What this post is pointing out is that you can go too far; make IT security too rigid and so hurt your organization’s competitive spirit and its ability to absorb change.

The next step is to educate your users (that is, employees) on their role in guarding against cyber-attacks. The Identity Theft Resource Center notes that most data breaches are caused by employees who fall prey to hacking, skimming, phishing, etc.  It is important to point out that every single employee in your organization can contribute to your cybersecurity. Creating a culture of vigilance against cyber-attacks through education empowers your employees to help protect your organization while giving IT more freedom to allow flexibility in enforcing security policies which in turn bolsters creativity and innovation.


Ultimately, the best security stance for an organization to adopt to protect itself against cyber-attacks is one that is not about restricting users but restricting risk. It is important to strike a balance between IT not excessively clamping down on users’ activities while simultaneously educating users to stay secure and use IT infrastructure responsibly. Adequate security is built from the ground up starting with an organization’s core vulnerability which is often its employees.

Stage2Data partnered with Heimdal Security to offer our clients prime Anti-Virus and Anti-Malware services. We now offer robust, multi-layered security products to combat next-gen malware, ransomware and other enterprise threats.