Help! My Staff Hates My Company’s IT!
Fellow business owners, do you ever feel like you need to walk around on eggshells when it comes time to implement a new process or policy with your employees? Does it seem like your staff fights back tooth and nail when there is any technology change or IT restriction? You aren’t alone.
More often than not, employees aren’t very aware of IT security threats or the ramifications of improper data-sharing habits. It’s not uncommon for IT security to start and end with the password for non-technical employees, and sometimes even that feels like asking a lot.
This point isn’t to sound negative. You probably didn’t hire most of your employees for their knowledge and understanding of network security. The real problem lies when you, the business owner, rolls out a new security policy. As a simple example, let’s go back to passwords:
A Real-World Example of Employees Rejecting IT Security
Let’s say your IT provider suggests that you set up group policies on your network to enforce secure passwords across the board. That includes forcing users to reset their network password every 30 days, not repeating the same password, and having complexity requirements.
If you are like most business owners, you approve the change and move on. IT implements the change, and suddenly your employees start getting prompted to change their passwords. It’s likely some users are going to simply follow the prompts and do so without a hitch, some are going to idly mutter about the change, and a few are going to protest it. This might not even get directly to you right away either - they’ll complain to their immediate manager or their friends around the water cooler. In the worst cases, seemingly simple security change can bring out the poison. When it does finally trickle up to C-level, it’s going to feel insane how much it has escalated. After all, it’s just over a simple password policy, and it is to protect the data of the business that signs their checks! I’m not even the victim of this and the idea heats me up too!
This is a little bit of an extreme case and not typically the norm, but I assure you it does happen. It’s worth mentioning some other policies that could rile up your employees:
- BYOD (Bring Your Own Device) Policies - From employees not wanting their employer to dictate how they manage their personal mobile devices, despite setting up company email and cloud accounts to use the device for work, to bringing in unprotected devices and connecting them to the network, this security concept always seems to be a major hit or a major miss for people.
- Firewalls and Content Filters - “What do you mean, YouTube is blocked?” You’d be surprised how many businesses suffer from wasted time from video streaming sites and social media, or maybe you wouldn’t. While common, it’s usually just a handful of provocateurs who regularly misuse the Internet while at work. Still, the solution is locking things down, and for some reason, that can be upsetting to some users.
- Implementing New Technology - This is probably the most common. Let’s say you roll out a new line of business app or move your data to the cloud. You put your managers and staff through training to learn the new system and provide instructions for proper use and follow up a week or two later only to find some employees are following the new procedures and others are pushing against the grain and going their own way.
The list goes on though. Almost any kind of security implementation could potentially drum up murmurs from employees. Does your new VoIP system record calls and let managers barge in to help staff? Did you install an IP camera system to protect company assets (and potentially, your employees)? Are you blocking users from installing unauthorized software on company workstations to prevent software license nightmares? You name it, and someone will potentially be unhappy about it.
What’s the Fix? Are My Employees Working Against Me?
There’s good news. It’s pretty likely that your employees aren’t conspiring to take down your business. In fact, all this stress, flack, and frustration that business owners and managers receive is often because your users want to get their job done effectively.
It all goes back to your employees not understanding the importance of security. Remember, to many, security starts and ends with the password, and that’s if you are lucky. To them, a new security policy or change to IT just feels like a roadblock. IT security just doesn’t seem reasonable to them. Imagine waking up one day and discovering that we switched measurement systems while you were asleep, and now you need to convert back and forth between miles and kilometers during your morning commute. Everything you’ve known is now wrong and that can be extremely taxing when you simply just want to accomplish a goal.
Even when the purpose of the change is to make the company more effective, a single user will only see it as something new to learn or an interruption to their day. Alternatively, some might look at it as being strong-armed to surrender their privacy (like the example of the BYOD policy) or that they aren’t trusted. It suddenly becomes a very personal thing for some users and then they rant about it around the water cooler and find other coworkers who feel burnt as well, and then it escalates.
If the core problem lies in your employees not being security minded, the fix becomes simple - be a megaphone for security.
It Starts with Leaders
When implementing new security policies, software, or technologies that will affect your employees and how they work, it’s important to loop in both the C-level and managers to go over the vision and goals. Sometimes, it’s as simple as a quick elevator pitch, and other times it doesn’t hurt to explain why things are changing. If management is on board, they will be equipped to educate and answer questions for the rest of the staff.
You Aren’t Looking for Acceptance
This doesn’t mean your IT decisions suddenly need to be democratic. When it comes to IT security and the protection of your company’s (and your clients’) data, this really isn’t up to your staff. The key is getting them on board and providing education to make security top of mind.
By setting up regular internal security meetings or adding IT security as a point to your regular staff meetings, you and your management team can help explain the why behind new policies and changes, and in a lot of cases, identify other issues that you might not be aware of. Plus, this encourages an ongoing culture of security, giving you and your team a platform to discuss and implement further training and help your users identify issues.
We realize not all business owners are fluent in IT security either, and we’re happy to help you establish a culture of security. If you need help implementing new technology, reach out to White Mountain IT Services by calling 603-889-0800 to start protecting your business from the bottom up.
- Tip of the Week: Awareness is Key to Mobile Device Security With more and more businesses relying on mobile devices for their business they have to be sure that the use of these devices doesn’t present security issues for the company. With all that is happening in business computing today, finding out how you can protect yourself in lieu of the prevalence sm...
- How to Balance Your IT’s Value Against the Cost No matter how you look at it, technology is expensive. You’ll rarely look at your IT invoices without cringing a little on the inside. However, it’s important that you take a glance at these every once in a while to understand just what you’re getting from your technology budget. Ultimately, you wan...
- Would You Fall for this Adult Scam if You Saw an Old Passwor... As you may expect, the average Internet scammer isn’t above resorting to dirty tricks to claim their ill-gotten prize from their victims. A recent scam demonstrates just how dirty these tricks can truly be, and unfortunately, how ill-prepared many are to handle them. To preface this scam, we need...
- How to Compose a Successful Business Continuity Plan If you don’t consider the worst-case scenario when preparing your business’ disaster recovery strategy, you’ll inevitably suffer from it when it does happen. Taking into account all of these nuances is one of the main ways your organization can prepare for such an occasion. All of these instances ne...
- 4 Internal Threats Every Business Owner Should Understand In light of all the data leaks and vulnerabilities that have been brought to light over the past few years, network security has to be a priority for every business. One problem many organizations have is that while they are protecting their network and infrastructure from threats outside their comp...
- Spend More Time Managing Your Business, and Less Managing Ve... Chances are, you most likely view your vendors as a necessary evil. While you have to work with them to get the things that your business needs to function, it’s hard to not think of everything else that could be accomplished in the time you spend dealing with them. Unfortunately, there are even mor...