The Musings Of An Opinionated Sod [Help Me Grow!]

Literally, alone.

And when I say multitude, I mean it, because we have more than a Cannes Grand Prix credit.

Now part of this is because we’re in NZ and they have more pressing things to deal with, part of this is because we only have one global ‘shared’ client and our work with them is arguably the best in the network [hello 2024 Cannes Grand Prix without thousands of names on the credit list] and part of this is because we’re very, very good to them – in terms of global creative reputation and business – so they’re smart enough to let us get on with things on our own terms and own devices.

That is, except for IT.

Where IT is concerned, we are bombarded with stuff.

Security stuff specifically.

A week hardly passes by without some sort of ‘training’ to adhere to.

I get it, it’s very important and we don’t take it for granted … which is why the situation that happened to me a few weeks ago just felt so weird.

So I was in NYC when I got a phone call from someone I had never spoken to before.

Or heard of.

They said they were a security partner of one of our ‘owners’ and – as one of my team had lost their password – I had to give them permission to send it again.

Now I knew this was true as the colleague in question had told me it was going to happen, so I said yes … except they then told me that wasn’t enough and they would email me a link where – having entered my credentials – I’d have access to a password that I could then send to my team mate so they could get back into the system.

To which I laughed and said no, that wasn’t going to happen.

And they asked why, to which I laughed some more before pointing out this was the exact ‘phishing’ scenario I had been bombarded with security videos about.

For 3+ years.

Now to be fair, they did acknowledge it did sound dodgy, but they reassured me it was just how their system worked and all was OK.

But as nice as the guy sounded – and he did, so I was careful not to be too rude – I told him that I was sorry, but this just was not going to happen.

So, then they tried to subtly guilt trip me into doing it by saying my colleague couldn’t work without my help.

To which I replied, “I’m their boss, so if anyone can tell them to be OK with not working, it’s me”.

I did ask what alternatives there were to solve this situation and at first they said there wasn’t any, then said I could tell them to contact my boss to get approval.

Maybe they thought that would scare me into agreeing to their request, but I went, “Oh that’s good, go for it and please send her my love”.

It was at this point they gave up and wished me a nice day.

Except while that individual had given up, the ‘company’ they worked for hadn’t and they started sending me messages.

They went through the same script and I went through the same responses.

And while this may all sound like I was being an asshole, it’s not as assholey as a system that needs you to break the very rules they’re there to supposedly protect.

A rule that is very limited in its scope and application.

I appreciate the company in question was trying to help. I appreciate this was a very specific situation – made more difficult by me being in another country. And I accept the company in question is one of the best in their specific field of operation.

However, not only do they need to change their protocol to ensure that – in certain circumstances – they don’t ask their clients employees to do the very opposite of what they are told to follow each and every day … they probably also need to teach their ‘customer service technicians’ how to talk with humans. Especially non-IT security expert humans.

Because not only is ‘practice what you preach’ the most basic of basic brand reputation rules, the best way to get people to do what you want, is to understand how they think and behave.

More evidence that you can be smart, but also be a bit daft – of which nothing proves this more than the interface of Microsoft Teams, but that’s a post for another day, but here’s a hint.