I don’t think that is true. Rules that you have to use a fax machine are enshrined in outdated laws. No IT professional is going to say to use a fax machine for security.
The same thing is true for a lot of security practices. Our company had silly password rotation policies because of certification requirements, not because our IT team thought it was necessary.
An IT professional will say don't open PDF files from every random email that comes into your publicly posted email address though.
Yes, but a boss being unable to receive a fax because the machine is "otherwise occupied" may do that.
Edit: can't even confirm that it really is only fax and physical mail that's available; on a cursory search, tackling this fully online is already well possible: https://news.ycombinator.com/item?id=47544562
It is entirely possible for both parties to have simply missed thinking of this. Or for me to be missing or misunderstanding something.
I disagree. I'm sorry Karen here needs to bear the brunt, but if this kept up, at some point Karen's boss will take notice, And then it moves up the chain to someone who can affect that policy.
Companies purposefully set us up to communicate bottom-up, so we can either play the game or break the law.
>People who are responsible for overreaching unreasonable security rules ... are basically us
No, it'd be a policy maker or CEO who thinks we're in the 90's and that secure email documentation isn't a thing. "We" could suggest so many ways to handle it that would save costs while being more secure. We're not much higher on the totem pole than Karen.
Yet suddenly, we get these incidents and our bosses are suddenly rushing to IT to find a solution. As if 6 months of deliberation wasn't enough.
That’s a hilarious fantasy you have here.
The system is largely bad. That's mostly agreed by each side. I feel like what you're asking for—to treat others as humans—is right and yet only going in one direction. There's a disagreement between the company and the customer and instead of showing up the company disingenuously gives you an unrelated powerless person to speak to. The expectation is that you shouldn't count them as the company, you count them as a human—and you're supposed to do that _because_ the company underpays them and gives them no power.
You see this all the time in cybersecurity. Nobody cares until there's a breach. Nobody would care if he faxed 25 pages and mildly inconvenienced Karen, but by faxing 500 pages and inconveniencing the whole office, it's going to start something. Even if it takes them another 5 years to fix the process, it's a start.
Realistically, the change will probably be "no more than 25 pages of evidence required". But that's also a win for the person being asked for it.
But this has been my reality. Employees can evangelize for months for better security, but then a (very avoidable) hack happens and suddenly the budget for it appears out of thin air. Being a nuisance (or letting nature take its course, in the perspective of an employee) is much more powerful to these kinds of organizations than words.
So your lived experience indicates that harassing front-line low-level employees about it does not work because they won't be listened to. Why, then, are you advocating for harassing front-line low-level employees?
Go for the people who can actually set policy: ministers, representatives, council, agency boards, managers. When you call, rather than take it out on the employee request to be transferred up.
And even if you don't have the energy to keep fighting after your own case has been fixed (a very common remedy when it's usually much easier to grease the squeaky wheel than to actually fix the axle), try to leave information on your process and contact points in accessible locations so that those afterwards can start a step or two ahead.
I'm saying inconvenience from an outside force (not the low level employee) gets actions done, not words from the employee. It can be the custome, it can be a malicious actor. It can be the federal or state government. But it has to come from outside or up top.
I don't know how you construed that as "so customers can't do anything"
>Go for the people who can actually set policy: ministers, representatives, council, agency boards, managers. When you call, rather than take it out on the employee request to be transferred up.
If you've seen local policy these days... Yeah, not really. LA just had a new Metro line approved despite the mayor's attempts to delay the vote. Policy isn't working with us.
I won't say escalation doesnt work, but I haven't seen it pulled off. Wait queues for help is already so long, so asking more time of the customer might not be feasible. It's already inefficient enough that we need go use Synchronous calls to to do all these duties.