It’s not often that I burst out laughing while reading a computer security article. Still less often when I’m reading an HR blog. This article and the comments at the end were a rare treat.
In case the link doesn’t work for you, the author tells a compelling story about how hard it is to get people to lock their computers when they step away from their desks. I agree – it’s miserable trying to convince people that this is an important security control that they should spend time on. You can teach, nag, cajole and people still walk away “just for a minute” and leave their computers open to any hacker in the building. (And if you think you have complete control of the physical facility, you’re kidding yourself.)
Rather than more fruitless policing by one or two committed security geeks, release the goons! Let employees prank each other when someone is careless enough to leave a computer unlocked. Drafting and even sending emails from the unsecured computer is an old trick but must be done with caution – it’s supposed to be a prank, not a career-ending fraud. Better are more personal pranks like changing a Browns fan’s wallpaper to a Steelers logo, changing the autocorrect in MS Word or, my new favorite, flipping the monitor. A harmless prank or three might finally get people to lock those screens.
A few thoughts, though. Make sure that the pranks are harmless. You want to apply judicious social pressure in support of the corporate policy. Workplace bullying is nothing to trifle with. Don’t let it go too far. Second, be very sure that tactic is a good fit for the culture of the team. Tight-knit, high-functioning workgroups have more tolerance for social controls than newly formed or distrustful groups. Finally, be very cautious before “pranking” a subordinate. Behavior that’s completely acceptable with a peer could land the manager in a lawsuit.
Hope you enjoy the article as much as I did.