If someone is going to do something for us we are likely to let them, even if they don’t quite do as good a job of it as we would like. That’s the way we are wired.
There are, of course, exceptions to this situation, but in general we would rather be lazy.
In IT our aim is to make things easier for people (I know it doesn’t always seem that way). The problem is, we often make it easier by taking away the responsibility from the consumer, making them lazy.
I was reminded of this again today by an article in Computerworld by Mathias Thurman. Mathias is talking about the creation of a policy within his organisation that enforces screen lock-out. Most people would regard this as good practice, and I’m not advocating that it’s not, my challenge and one that Mathias recognises is that the enforcement of this policy will make people lazy.
Some of the people within his organisation already have a setting that is more stringent than the policy that he is going to enforce. He says of these people:
They have shown the sort of awareness of security issues that I try to instill in the entire workforce, and now we’re rolling out a policy that seems to say that their security consciousness was unnecessary.
He’s right to be concerned, these people will start to see that the responsibility for security is no longer theirs and has shifted to be the responsibility of the policy set by the IT department.
There’s a greater challenge with this type of policy, and that is that all of the people will now rely upon the policy to lock their screens, including all of the people who used to manually lock their screens when they left their desks. For this group of people the security risk has actually increased, instead of the device being locked when not attended it will be left unlocked for a period of time until the policy kicks in.
This shift of responsibility means that people treat IT as something that is delivered to them, rather than something that they are responsible for.
Lack of responsibility has many facets to it that influence the behaviour of those consuming the services. These include:
- Abuse of the services – “why should I look after this stuff it’s not my responsibility”
- Working around the services – “if they won’t let me do it, I’ll just go and do it somewhere else”
- Apathy to the service – “I’ll just have to use this service because that’s all I’ve got available to me”
We need to find a new way of working that protects the business, but doesn’t remove the responsibility from those consuming the services. We need to do this recognise people’s innate laziness.