Describe a time when a client wanted to implement a security policy that went against best practices. How did you handle the situation?