IT Deadline Dumpster Fire
One of my company's IT staff dropped a bombshell email on the company today. He announced that all employees must bring their computers and other electronic devices (except smartphones) that access company IT systems, up to new security standards. That includes installing antivirus protection, changing passwords, and adding multifactor authentication. And it all must be completed, along with an attestation form, by 12/31. Or access will be terminated.
In case you don't see the problem with that, let me break it down for you.
First, as a note, the problem is >>NOT<< the increase in security requirements.
The problem is the timing. More specifically, the lack of time employees have to meet the new standards.
There are only 10 days until 12/31. Four of these days are weekends. Three to 4 more are holidays in the countries where 90%+ of our employees work. That leaves only 2-3 working days which- because of the time of year- most employees have already arranged to take personal time off.
In my specific case, I was left with just half the day today to meet these new requirements. Because after today, I'm out until the new year. And today I already had a last-minute task given to me by my boss which I committed to deliver today. I raised my concern with her that completing the IT task would jeopardize completing our project.
As you might imagine, I was not the only one caught in a difficult position by this last-minute imperative. Many other people complained- a few of them publicly, via reply-all email, but many more like I did, by raising the issue privately through Management first. So many so that by the time my manager got back to me, she remarked that it was "a total Dumpster fire". It had already been escalated to multiple executives and been brought to HR as an inappropriate behavior complaint.
Wow, you know ITsec has screwed up when HR is on their case.
In case you don't see the problem with that, let me break it down for you.
First, as a note, the problem is >>NOT<< the increase in security requirements.
The problem is the timing. More specifically, the lack of time employees have to meet the new standards.
There are only 10 days until 12/31. Four of these days are weekends. Three to 4 more are holidays in the countries where 90%+ of our employees work. That leaves only 2-3 working days which- because of the time of year- most employees have already arranged to take personal time off.
In my specific case, I was left with just half the day today to meet these new requirements. Because after today, I'm out until the new year. And today I already had a last-minute task given to me by my boss which I committed to deliver today. I raised my concern with her that completing the IT task would jeopardize completing our project.
As you might imagine, I was not the only one caught in a difficult position by this last-minute imperative. Many other people complained- a few of them publicly, via reply-all email, but many more like I did, by raising the issue privately through Management first. So many so that by the time my manager got back to me, she remarked that it was "a total Dumpster fire". It had already been escalated to multiple executives and been brought to HR as an inappropriate behavior complaint.
Wow, you know ITsec has screwed up when HR is on their case.