It honestly tempting to point a camera at my workstation so AI can "watch over my shoulder" while I'm working on systems that are pointlessly excessively locked down.
I don't do, but it is tempting, and I bet people will do it.
Too much security makes people seek insecure workarounds...
Or to quote Star Wars, “The more you tighten your grip, Tarkin, the more star systems will slip through your fingers”.
Many years ago I watched someone marched out of the room in handcuffs by military police for plugging a USB thumb drive in the wrong computer.
My current situation isn't anywhere near that strict, and I agree that many security postures are dumb and overbearing, like unnecessarily frequent password rotation. But honestly, preventing employees from sharing company documents with random third parties doesn't seem all that unreasonable.
I agree, but a lot of companies risk exactly that by creating policies that people are likely to have reasons to want to bypass.
E.g. Calendar sharing. It's a paintpoint if you often have irregular working hours and have to match up a personal and work calendar. At least allow sharing busy/not busy... By not doing so, you create an environment where people are tempted to find workarounds that might be much worse.
Part of your security posture needs to be to consider how to prevent friction in areas where reducing it removes incentives for non-compliance.