The Reason Why Employees Hate the IT Security Department

The Reason Why Employees Hate the IT Security Department

When everything goes right in IT security, nothing happens. No systems fail. There are no headlines in the news media. Nobody calls you at 3am about a crisis. It feels like you have no cybersecurity challenges.

That’s one of the most frustrating realities of IT security work. On the other hand, many employees complain constantly about the barriers cybersecurity staff put in place. In some cases, these complaints are simply the cost of doing business. However, that doesn’t mean IT security can or should ignore the needs and views of employees.

Signs Your Employees Are Disengaged (or Worse!) with Cyber Security Challenges

Even if the IT security department is fully staffed with the best professionals in the world and top-notch technology, your organization is still at risk. Every employee has a role to play in protecting both company and customer information. If employees are disengaged or disgruntled with IT security, then your problem is more likely to have problems. The following are the four most common signs of IT security disengagement.

1. Low Participation in IT Security Events and Training

When national cybersecurity awareness month comes around in the fall, security professionals get excited. It’s finally their moment to promote security! Then, the sad reality hits: almost nobody is showing up at your events. You might see the same trend appear in your online security training events. If you have to rely upon management pressure to get staff to attend your training, that’s a sign that employees are disengaged.

2. Growth of Shadow IT Spending and Usage

When employees are angry or disappointed with the IT department, they’ll go elsewhere. For example, some business leaders like to have “shadow IT” – contractors and software managed directly in their business unit. Those arrangements tend to increase IT security risk because they’re not governed and monitored with the same process as the rest of the company. This type of cybersecurity challenge only increases over time because business managers tend to lose focus on IT and move on to other priorities.

3. Negative Attitudes About IT Security in Surveys and Meetings

Most companies use surveys to gather feedback from customers and employees. If your company has survey data, analyze it for scores and comments related to IT security. Comments that IT security is “frustrating” or “slow” should concern you. These comments suggest a higher likelihood of problems later on. For example, employees with a negative attitude about IT security are more likely to skip anti-phishing training and may fall victim to such attacks.

Note: In some cases, negative attitudes about IT may not be easy to observe. In that case, pose the “magic wand” question to your stakeholders. Use this wording: “If you could wave a magic wand and change three things about how we do IT security, what would you change?” If you encounter a large number of comments, that tells you there’s a significant cybersecurity challenge you need to address.

4. Minimal IT Security Engagement in Project Work

Engaging all the right stakeholders is one of the critical arts in project management. Leave out an important person or department and your project could delay the entire project to address last-minute concerns. Unfortunately, IT security departments are sometimes perceived as excessively cautious. That reputation means that IT security challenges are sometimes ignored or overlooked until the last moment. Such behavior means your IT projects will increase the level of cybersecurity risk.

The Chatbot That Makes IT Security Convenient Instead of Painful

If you feel that many of your organization’s staff dislike or ignore IT security, listen up: it’s time to act. Take responsibility for the fact that employees hate IT security. If you want to win their support for improving security, seize the initiative. Specifically, we recommend making IT security more convenient. Instead of forcing employees to come to the help desk or wait in long phone queues, make life easier for them using an IT security chatbot.

With Apollo, employees can request access changes to their accounts by sending a text message. That means never wasting time on unproductive activities when you’re traveling. Just send a few text messages to Apollo, and you’re back online. Of course, you can also use Apollo with Slack, Skype, and directly through your company website. From a cybersecurity management perspective, you don’t have to worry about tracking user requests. Every access request and change is centrally tracked by Apollo. That means you’re not going to fail an IT audit due to incomplete records.

After you implement Apollo, you’ll see improvements for every cybersecurity challenge you track. Since cybersecurity is now more accessible for employees, your credibility as a corporate leader will be enhanced. Next, you’re likely to see better engagement when you deliver employee training programs. Finally, the entire IT department will enjoy higher morale since you’ll be seen as delivering better results and convenience to employees.
To find out what’s involved in implementing Apollo, read our post: “5 Steps to Integrating Virtual Agents in a Painless Password Management Program.”

Written by Nelson Cicchitto