Fellow business owners, do you ever feel like you need to walk around on eggshells when it comes time to implement a new process or policy with your employees? Does it seem like your staff fights back tooth and nail when there is any technology change or IT restriction? You aren’t alone.
More often than not, employees aren’t very aware of IT security threats or the ramifications of improper data-sharing habits. It’s not uncommon for IT security to start and end with the password for non-technical employees, and sometimes even that feels like asking a lot.
The point isn’t to sound negative. You probably didn’t hire most of your employees for their knowledge and understanding of network security. The real problem arises when you, the business owner, roll out a new security policy. As a simple example, let’s go back to passwords:
A Real-World Example of Employees Rejecting IT Security
Let’s say your IT provider suggests that you set up group policies on your network to enforce secure passwords across the board. That includes forcing users to reset their network password every 30 days, not repeating the same password, and having complexity requirements.
If you are like most business owners, you approve the change and move on. IT implements the change, and suddenly your employees start getting prompted to change their passwords. It’s likely some users are going to simply follow the prompts and do so without a hitch, some are going to idly mutter about the change, and a few are going to protest it. This might not even get directly to you right away either – they’ll complain to their immediate manager or their friends around the water cooler. In the worst cases, a seemingly simple security change can bring out the poison. When it does finally trickle up to C-level, it’s going to feel insane how much it has escalated. After all, it’s just over a simple password policy, and it is to protect the data of the business that signs their checks! I’m not even the victim of this and the idea heats me up too!
This is a little bit of an extreme case and not typically the norm, but I assure you it does happen. It’s worth mentioning some other policies that could rile up your employees:
- BYOD (Bring Your Own Device) Policies – From employees not wanting their employer to dictate how they manage their personal mobile devices, despite setting up company email and cloud accounts to use the device for work, to bringing in unprotected devices and connecting them to the network, this security concept always seems to be a major hit or a major miss for people.
- Firewalls and Content Filters – “What do you mean, YouTube is blocked?” You’d be surprised how many businesses suffer from wasted time from video streaming sites and social media, or maybe you wouldn’t. While common, it’s usually just a handful of provocateurs who regularly misuse the Internet while at work. Still, the solution is locking things down, and for some reason, that can be upsetting to some users.
- Implementing New Technology – This is probably the most common. Let’s say you roll out a new line-of-business app or move your data to the cloud. You put your managers and staff through training to learn the new system, provide instructions for proper use, and follow up a week or two later, only to find some employees are following the new procedures while others are pushing against the grain and going their own way.
The list goes on though. Almost any kind of security implementation could potentially drum up murmurs from employees. Does your new VoIP system record calls and let managers barge in to help staff? Did you install an IP camera system to protect company assets (and potentially, your employees)? Are you blocking users from installing unauthorized software on company workstations to prevent software license nightmares? You name it, and someone will potentially be unhappy about it.
What’s the Fix? Are My Employees Working Against Me?
There’s good news. It’s pretty likely that your employees aren’t conspiring to take down your business. In fact, all this stress, flak, and frustration that business owners and managers receive is often because your users want to get their job done effectively.
It all goes back to your employees not understanding the importance of security. Remember, to many, security starts and ends with the password, and that’s if you are lucky. To them, a new security policy or change to IT just feels like a roadblock. IT security just doesn’t seem reasonable to them. Imagine waking up one day and discovering that we switched measurement systems while you were asleep, and now you need to convert back and forth between miles and kilometers during your morning commute. Everything you’ve known is now wrong and that can be extremely taxing when you simply just want to accomplish a goal.
Even when the purpose of the change is to make the company more effective, a single user will only see it as something new to learn or an interruption to their day. Alternatively, some might look at it as being strong-armed to surrender their privacy (like the example of the BYOD policy) or that they aren’t trusted. It suddenly becomes a very personal thing for some users and then they rant about it around the water cooler and find other coworkers who feel burnt as well, and then it escalates.
If the core problem lies in your employees not being security-minded, the fix becomes simple – be a megaphone for security.
It Starts with Leaders
When implementing new security policies, software, or technologies that will affect your employees and how they work, it’s important to loop in both the C-level and managers to go over the vision and goals. Sometimes, it’s as simple as a quick elevator pitch, and other times it doesn’t hurt to explain why things are changing. If management is on board, they will be equipped to educate and answer questions for the rest of the staff.
You Aren’t Looking for Acceptance
This doesn’t mean your IT decisions suddenly need to be democratic. When it comes to IT security and the protection of your company’s (and your clients’) data, this really isn’t up to your staff. The key is getting them on board and providing education to make security top of mind.
By setting up regular internal security meetings or adding IT security as a point to your regular staff meetings, you and your management team can help explain the why behind new policies and changes, and in a lot of cases, identify other issues that you might not be aware of. Plus, this encourages an ongoing culture of security, giving you and your team a platform to discuss and implement further training and help your users identify issues.
We realize not all business owners are fluent in IT security either, and we’re happy to help you establish a culture of security. If you need help implementing new technology, reach out to Palindrome Consulting by calling 305-944-7300 to start protecting your business from the bottom up.