We're too small for IT security policies

It took an unethical employee to prove the IT manager's point of how important IT security policies are

As an IT manager for a midsize manufacturing company, I have spent the last four years trying to make my senior management understand that by lacking formal IT policies we risk electronic property loss, stolen trade secrets, unnecessary downtime, etc. Over the years I have been told that I was too paranoid and that it's no big deal. I was also told that I worry too much and a company the size of ours is too small to have IT policies.

One day my CEO and I were, again, discussing lack of IT policies over lunch. I told him that because he doesn't seem to want to listen to my concerns that I wasn't going to worry about it anymore. "If you don't care, then neither do I," I told him. I also told him that I do not want to be held liable in case a data breach occurs. After laughing, he agreed not to hold me accountable since he just knew that he was right and I was wrong. As we were finishing up lunch I told him that one day it was going to come back to haunt him for not listening to me. Again he just smirked.

Well, just recently a senior VP was fired for insubordination. He deleted all of his e-mails just before walking out the front door. Because I had implemented e-mail archiving about a year ago, I was able to retrieve all of his e-mails. It was discovered that this VP was also conducting electronic sabotage and stealing company trade secrets. Turns out he sold them to our competition, therefore costing us a lot of business. He also stole our ideas and used them to start his own business, undercutting us with every sale. Naturally, my CEO came to me and wanted to know how this VP was able to do all of this so easily for so long. With a smile on my face I reminded him that it was because he and others chose to ignore my concerns over the years. Immediately, IT policies were implemented and are now enforced with no exceptions. We are also filing federal lawsuits against this individual and his cohorts.

I now have become a hero to senior management and they finally listen to me. It's good to be right. Keep fighting the good fight and stick to your guns. Eventually you will be redeemed.