There once was an IT manager who tended the computers at a business on the outskirts of town. He was bored, because things were running just fine.
To amuse himself, he sent out a company-wide email that said “Critical Security Issue: all employees must change their passwords immediately. Every password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, and one number.”
The employees scrambled to comply with the new directive. To those who asked if it was critical because passwords had been stolen or compromised, he replied with a laugh, “It is in keeping with industry best practice!”
“Don’t cry ‘critical security issue’ if it’s not critical,” the employees said as they slammed the door behind them.
The next week, the IT manager was bored again.
To amuse himself, he sent out a company-wide email that said “Critical Security Issue: All employees must use Internet Explorer only. Any other browsers (Firefox, Chrome, and others) will be automatically uninstalled.”
The employees scrambled to comply with the new directive, and to understand it. To those who asked if it was critical, he replied with a laugh, “It’s in the best interest of the corporate network to reduce security holes.”
“Don’t cry ‘critical security issue’ if it’s not critical,” the employees said as they slammed the door behind them. “And why choose IE as the preferred, no – required, browser if the goal is to reduce security flaws?” they employees wondered, to no avail.
The next week, someone outside the company had posted financial documents that were not yet published, and the IT manager could see there was a lot of unusual network activity occurring.
The IT sent out an urgent company-wide email that said “Critical Security Issue: All employees must disconnect their computers from the network due to a security breach.”
The employees didn’t even see the email, since they had all setup a filtering rule in their email software so that anything from the IT manager went straight into the virtual trash can.
The IT manager noticed there was no effect on the network activity, so he shut down the servers and took everyone offline. The employees, being the resourceful creatures that they were, enabled their phones’ internet sharing capabilities and worked off that, or left for a coffee shop, or went home and worked remotely – all the while keeping their work laptops connected to the internet. The IT manager sat helplessly as all the company secrets flowed into the public.
The next day, the big shots called the IT manager into their offices, wanting to know why all their files were gone.
“Didn’t you read my email about logging off yesterday?”
“No, your emails full of sound and fury, signifying nothing.”
“But that one yesterday was important.”
“Corporate policy states that email communication must be professional and accurate. Labeling everything as ‘critical security issue’ doesn’t strike us as accurate.”
Since the company had to spend a lot of money on the subsequent damage control and lawyers, it didn’t have enough room in the budget for the IT manager. He was laid off, but eventually found a job as a headline writer for a major news outlet.
He who is a hired hand, and not a shepherd, who is not the owner of the sheep, sees the wolf coming, and leaves the sheep and flees, and the wolf snatches them and scatters them.