If you are not careful, well-intentioned but misinformed policies can bring about unintended consequences.
I recently visited Seattle for work, a city I enjoy spending time in, particularly in the summer when the weather is good. Unfortunately for this trip, snow, sleet, and rain were on the docket, and while it made for slushy, messy streets, it also brought an unusual and interesting quiet to the city. I stayed in a hotel that was newly renovated, and may have been the first person to stay in my particular room, as it still smelled of various construction materials and was sparkling clean. One peculiar item caught my eye, an imposing placard on the door beneath the ubiquitous evacuation instructions that read:
The Law Protects Hotel Housekeepers and Other Employees from Violent Assault and Sexual Harassment.
The hotel is providing panic buttons to housekeepers, room servers, and other employees assigned to work in guest rooms without other employees present.
This being a brand new and upper-tier hotel, the stark warning seemed rather ominous. I couldn't help but picture hapless hotel employees, one finger on their panic buttons, cowering in fear from nefarious hotel guests. It forced me to wonder who and where these terrible people might be found. Interestingly, a cursory web search revealed little detail on the origin of the law requiring a placard notifying guests that they were assumed to be depraved and violent criminals. There also did not appear to be a particular series of incidents that might merit such a response.
The right response
Certainly, no normal person wishes any misfortune on their fellow human, and as a frequent traveler, I have a soft spot for the hundreds of people who invest their sweat equity into allowing me to travel around the world with relative ease and comfort. However, a placard in a nice hotel implying that paying customers, the very reason hotels exist, are to be regarded with such deep suspicion that anyone who interacts with them requires a panic button seems like a significant overreaction.
While this example might seem inane to the point of comedy, we as individuals and collective organizations are likely guilty of similar transgressions. The average employee handbook at a Fortune 500 company implies that employees are one step away from thievery, gross ethical lapses, and general tomfoolery without repeated admonishments from HR to the contrary.
Your IT shop's password policy, requiring a 60-character password with a senseless and unrelated combination of letters, numbers, Sanskrit, and Masonic symbols, is likely well-intentioned but creates so much complexity that no human could hope to recall their password without putting it on a Post-it Note that's likely hidden under their keyboard.
The Golden Rule of appropriate responses
It's usually in response to a major incident that we overreact. Perhaps a housekeeper was violently harmed in Seattle, the newspapers are rife with corporate malfeasance, and it's nearly certain that someone had their password of "forgot1234" cracked to the detriment of sensitive information. However, these cases should not merit a gross overreaction. If you find yourself assuming that everyone is a bad actor and should be treated as such, you've probably gone too far, crafting a response to the incident that is likely to create more problems than it solves.
Similarly, if you find that people with little or no experience related to the problem at hand are suddenly designing solutions, it's time to slow the runaway train of an over-response. You've likely encountered non-technical colleagues sharing their thoughts on technical policy in response to a dramatic incident, and in these cases, rather than stoking their passions, walk them through the unintended consequences their well-intentioned but misinformed policies might bring about.
Look for the lapses that led to an incident and mitigate those that are reasonable, while avoiding overreaction. In the case of Seattle hotels, if these incidents are widespread, a panic button may be a great solution, but a placard implying that every hotel guest is assumed to be depraved is not.