As an IT manager for a midsize manufacturing company, I have spent the last four years trying to make my senior management understand that by lacking formal IT policies we risk electronic property loss, stolen trade secrets, unnecessary downtime, etc. Over the years I have been told that I was too paranoid and that it's no big deal. I was also told that I worry too much and a company the size of ours is too small to have IT policies.

One day my CEO and I were, again, discussing lack of IT policies over lunch. I told him that because he doesn't seem to want to listen to my concerns that I wasn't going to worry about it anymore. "If you don't care, then neither do I," I told him. I also told him that I do not want to be held liable in case a data breach occurs. After laughing, he agreed not to hold me accountable since he just knew that he was right and I was wrong. As we were finishing up lunch I told him that one day it was going to come back to haunt him for not listening to me. Again he just smirked.

Well, just recently a senior VP was fired for insubordination. He deleted all of his e-mails just before walking out the front door. Because I had implemented e-mail archiving about a year ago, I was able to retrieve all of his e-mails. It was discovered that this VP was also conducting electronic sabotage and stealing company trade secrets. Turns out he sold them to our competition, therefore costing us a lot of business.
To continue reading click here.