Macro Systems Blog
When Employees Resist New IT Policies
Business owners: do you ever feel like you need to walk on eggshells when it comes time to implement a new process or policy with your workers? Does it seem like your employees fight back tooth and nail when there is any technology change or IT restriction? You aren’t the only one who feels this way.
Most of the time, employees aren’t very aware of IT security threats or the ramifications of improper data-sharing habits. It’s not uncommon for IT security to start and end with the password for non-technical employees; sometimes even that feels like asking a lot.
The reason for this post is not to simply sound negative. You probably didn’t hire most of your employees for their knowledge and understanding of network security. The real problem arises when you, the business owner, roll out a new security policy. As an example, let’s go back to passwords:
A Real Example of Employees Rejecting IT Security
Say your IT provider suggests that you set up group policies on your network to enforce secure passwords for everyone. That includes forcing users to reset their network password every 30 days, not repeating the same password, and having complexity requirements.
If you are like most business owners, you approve the change and move on to more pressing matters. IT implements the change, and suddenly your employees start getting prompted to change their passwords. It’s likely some users are going to simply follow the prompts and do so without thinking twice about it, some are going to quietly complain about the change, and a few are going to outright protest it. This might not even get directly to you right away either; they’ll complain to their immediate manager or their friends in the breakroom. In the worst cases, a seemingly simple security change can bring out the poison. When it does finally trickle up to C-level, it’s going to feel insane how much it has escalated. After all, it’s just over a simple password policy, and it is to protect the data of the business that signs their checks! I’m not even the victim of this and the idea heats me up too!
This is a bit of an extreme case and not typically the norm, but I assure you it does happen. Below are some other policies that could anger your employees:
- BYOD (Bring Your Own Device) Policies - From employees not wanting their employer to dictate how they manage their personal mobile devices, despite setting up company email and cloud accounts to use the device for work, to bringing in unprotected devices and connecting them to the network, this security concept always seems to be a major hit or a major miss for employees.
- Firewalls and Content Filters - “What do you mean, Facebook is blocked?” You’d be surprised how many businesses suffer from wasted time from video streaming sites and social media; or maybe you wouldn’t. While common, it’s usually just a handful of provocateurs who regularly misuse the Internet while at work. Nonetheless, the solution is locking things down, and for some reason, that can be upsetting to some users.
- Implementing New Technology - This is the most common. Say you roll out a new line-of-business app or move your data to the cloud. You put your managers and staff through training to learn the new system, provide instructions for proper use, and follow up a week or two later, only to find that some employees are following the new procedures while others are going against the grain and doing things their own way.
The list goes on though. Almost any kind of security implementation could potentially stir up bad feelings from employees. Does your new VoIP system record calls and let managers barge in to help staff? Did you install an IP camera system to protect company assets (and potentially, your employees)? Are you blocking users from installing unauthorized software on company workstations to prevent software license nightmares? You name it, and someone will potentially be pissed off about it.
What’s the Fix?
There’s good news: it’s likely that your employees aren’t conspiring to take down your organization. In fact, all this stress, flak, and frustration that business owners and managers receive is often because your users want to get their job done effectively.
It all goes back to your employees not comprehending the importance of security. Remember, to many, security starts and ends with the password, and that’s if you are lucky. To them, a new security policy or change to IT just feels like a roadblock. IT security simply doesn’t seem reasonable to them.
Even when the purpose of the change is to make the business more effective, a single user will only see it as something new to learn or an interruption to their day. On the other hand, some might look at it as being strong-armed to surrender their privacy (like the example of the BYOD policy) or that they aren’t trusted. It suddenly becomes a very personal thing for some users and then they rant about it around the water cooler and find other coworkers who feel burnt as well, and then it escalates.
If the core problem lies in your employees not being security-minded, the fix becomes simple: be a megaphone for security.
It Begins with Leaders
When implementing new security policies, software, or technologies that will affect your employees and how they work, it’s important to loop in both the C-level and managers to go over the vision and goals. Sometimes, it’s as simple as a quick elevator pitch, and other times it doesn’t hurt to explain why things are changing. If management is on board, they will be equipped to educate and answer questions for the rest of the staff.
You Aren’t Looking for Acceptance
This doesn’t mean your IT decisions suddenly need to be democratic. When it comes to IT security and the protection of your organization's (and your clients’) data, this really isn’t up to your staff. The key is getting them on board and providing education to make security top of mind.
By setting up regular internal security meetings or adding IT security as a point to your regular staff meetings, you and your management team can help explain the why behind new policies and changes, and in a lot of cases, identify other issues that you might not be aware of. Plus, this encourages an ongoing culture of security, giving you and your team a platform to discuss and implement further training and help your users identify issues.
We realize not all business owners are fluent in IT security, and we’re happy to help you establish a culture of security. If you need help implementing new technology, reach out to Macro Systems by calling 703-359-9211 to start protecting your organization from the bottom up.