It is well understood that for an organization to maintain acceptable levels of information security, all employees must buy into the adoption of that organization’s security culture. Unfortunately, this buy-in is often more difficult than it should be, with many employees not willing to incorporate secure online practices into their work life. But why is this? Aren’t employees aware that their security habits are directly linked to the success of their organization? Some studies suggest it isn’t a blatant disregard for security, but instead a legitimate gripe against the friction created between productivity and security in day-to-day activities. According to a recent survey conducted by Dell, a huge majority of end users, 91 percent, said they were negatively affected by their organization’s security approach. Instead of demanding that workers follow security protocols, it would be beneficial to involve them in the processes of drafting procedures, and training them on new platforms while supporting them through transitional phases.