According to a recent Cisco survey, seven out of ten (70%) young employees break their companies’ IT policies regularly. This is dangerous for your law practice for a multitude of reasons. Below are the Cisco stats; each will come with subsequent analysis so you know what this means for your law firm. The most common reasons for breaking IT rules are:
33% don’t think they are doing anything wrong
This is dangerous for any law firm. It’s like playing poker with my Grandma. She has no clue what’s going on and ends up going ‘all in’ with a pair of threes. The rest of us, who know how to play the game (we’re certainly not professionals), get thrown off and she takes the pot. Essentially, her lack of knowledge of the rules and etiquette makes her a dangerous person at the table because you never know what you’re going to get. This extends to your young rule breakers, who don’t understand business and certainly don’t know how your firm gets money to pay them every month.
22% feel they need access to unauthorized applications for their jobs
This is dangerous because a lot of the unauthorized applications they’re reaching for are usually media-driven; this means you’ll see use of Pandora, which slows down internet speeds for everyone, peer-to-peer programs like LimeWire which takes viruses and malware on a tour of your server room, and social media, which decreases work-productivity (the stuff that makes you money).
19% cite lack of enforcement
Just about anyone will tell you that if you make rules but don’t enforce them you haven’t made any rules. Imagine if one day you woke up and a new law had been passed: you must follow the speed limit but we will never penalize you if you don’t (no points, fines, etc.); who would travel at the speed limit?
18% cite a lack of time to think about the policies, 16% say policies are inconvenient, and 15% ‘forget’ to abide by these policies
Personally, these are ‘outs’ in my opinion. If you don’t have time to think about the rules, or if the rules are inconvenient, or if you simply forget to the follow the rules, there should still be penalties. These are excuses not defenses. If they don’t work in criminal court they shouldn’t work at your law firm.
61% say the responsibility for protecting information and devises falls on the IT service provider and not on individual employees
This is another excuse but a telling one nonetheless. Young employees don’t want to be bothered with the ramifications of their actions so they will blame your IT Guy or your Managed Services Provider (or MSP) for giving them the opportunity to commit the crime. Okay, well two can play by those rules.
Here’s how your law firm can address these issues:
- Your employees need to know the rules if you want them to follow them. Post them in the break room and ask them to sign a copy. Maybe do this every six months.
- Your employees need to know why the rules are important. Make sure they’re aware of internal penalties for rule breaking: verbal warning, write-up, suspension, termination. Also, your young employees are just that – young. They haven’t experienced a lot of workplace trauma yet, so they don’t really understand (or fully understand) why management is so particular on sometimes very ambiguous things (I’m allowed to access LinkedIn but not Facebook – why?). Accordingly, you need to teach them how business works, why the rules are in place, and why they’re not necessarily management’s preference but are nonetheless management imperatives. Explain what happens to the business (not just what penalty they’ll get internally) when they break the rules, and translate that to what that means for their personal bottom line. Tell them how if you lose a lender that refers $1 million annual business, that results in layoffs because that’s how business works (you can’t spend more on payroll than payroll brings in for very long).
- We all operate off incentives and disincentives, so you can’t expect someone to change their behavior if there’s no incentive to do so. Reward those who abide by the rules and punish those who don’t.
- Remove the opportunity and turn off the magnet that draws them to rule-breaking. Contact your MSP and setup workplace-specific security settings that prevent garbage from ever entering your building. Don’t want Pandora, Facebook, or LimeWire? Turn them off. You have this power.
- Young employees say the responsibility to protect information and devices relies on the MSP. This is telling – they’ll do what they can get away with. Accordingly, you need a MSP who is proactive, one that prevents the problem instead of responding to it. This isn’t just a catch phrase. It costs less money to prevent a fire than to put it out and repair the water and smoke damage. Engage a MSP who is young and proactive, one that understands what young employees want to get at, what they should and shouldn’t be able to get at, and how to prevent access to those things from inside your walls.