One of the most difficult security business rules to enforce in companies is the “mandatory lock account” when you are not in front of your computer. Entering your credentials over and over again is seen as a waste of time. Why should I lock my session if I’m going away for just a few minutes? What could go wrong during a tiny coffee break?

Let’s not delve into the huge list of things that could go wrong because of that specific security risk. After all, if you are trying to encourage safety, it means that your assessment is done and your conclusions drawn. Since you are building up approaches to safeguard your information, let me tell you about a simple tactic that will persuade all staff to hit Windows + L mechanically before standing up from their desks.

What do I mean by “trolling”? I bet you have heard the Internet slang term for those individuals who aim to start arguments or provoke emotional responses, taking advantage of their anonymity. The idea behind the approach I’m proposing is that your coworkers are the ones who enforce your security rules upon each other, fearing the retaliation they will face if they fail to do so.

A widely accepted way to play this game is to use the unlocked computer to invite all coworkers to beers after work via an email to the whole team’s distribution list – and of course, the owner of the account pays for it! Another valid strategy is to “do the hoff”: installing a Chrome extension that replaces all images in the user’s browser with pictures of David Hasselhoff, along with changing the corporate desktop background.

It’s important to define clear boundaries. If a prank crosses the line from playful teasing into real personal damage, it will hurt your employees’ comfort and performance. Don’t let it go too far. Taking this into life outside the office, or damaging the work they are doing, is completely out of the question. Everyone should aim for simple pranks and practical jokes.

So go ahead: send an email reminding the whole company that they should not leave computers unattended without locking their account. State clearly the rules about what damage it brings _to them personally_. Encourage emails written in the absent person’s name that treat their colleagues (without writing to any external address; keep this “in house”). Close the announcement with a call for fair play. And kick it up a notch: make yourself an available target! Leading by example is the best way to drive change.

After that, you will be double-checking your computer before leaving the office… But it sure is worth it.

“Trolling” as strategy for security
