Top tech HR violations and how to avoid them

When techie people rub up against people people...

When techie people rub up against people people...

Like all employees, IT staff on rare occasions fall foul of the HR department. But how do their transgressions compare with those of other workers? Andrew Donoghue reports.

The names speak for themselves: human resources and the tech department. One is obviously people-focused and rated for its interpersonal skills. The other is focused on resources that can be just as temperamental but require a different set of abilities to manage.

Give these very different pedigrees, it's not surprising that IT and HR lock horns occasionally. From the IT side this may stem from the perception that HR staff are on the whole not as technically adept as they might be, which can result in some frustrating helpdesk calls, for example.

But IT departments also obviously attract staff with certain qualities. Bluntness, a lack of people skills, a penchant for minor hacking, and even in some cases dubious personal hygiene are just some of the stereotypes that persist about techies.

As well as these relatively harmless traits, there are times when IT staff, just like other departments, overstep the mark and come up against the disciplinary mandate that HR is there to impose.

Fortunately, such incidents are usually rare, but is there any pattern in the type of disciplinary action involving IT staff or do they simply fall foul of the same sort of misconduct as other staff?

To investigate these issues, silicon.com talked to some industry insiders about the most common techie HR violations and how to avoid them.

1. Watching the IT watchmen
The IT department is the first line of defence when it comes to monitoring the use of company technology. This role will often be complemented by automated software that can spot any dubious uses of company email or internet and flag it up to those in charge.

But in both these instances, IT staff are either being trusted to police others or have admin rights to the monitoring software in question, which throws up the issue of who is watching the watchers? The answer is often fellow techies or line managers in the same department, which may create the temptation to keep all but the most serious violations within the team.

hands on keyboard company email monitoring

The monitoring of company email can throw up questions over who watches the watchers
(Photo credit: Shutterstock)

A 2009 survey from security company Cyber Ark revealed that 35 per cent of IT workers have admitted to accessing corporate information without authorisation, while 74 per cent of respondents stated that they could circumvent the controls currently in place to prevent access to internal information.

"One of the biggest issues in relation to preventing offences by IT staff is the question of who polices the police," says Richard Martin, partner at law firm Speechly Bircham. "Who monitors what the staff are doing, and who has the expertise to detect what they are doing if they try to hide it?"

The solution, according to Bircham, is to have not only...

...senior IT staff routinely monitoring their subordinates but also introducing regular sporadic external audits. However, this monitoring has to itself be done in a way that doesn't compromise the rights of the suspect, according to Bircham who cites the example of German transport organisation Deutsche Bahn, which was recently fined €1.1m by the German data protection regulator for conducting monitoring activity that was deemed unlawful under data protection laws.

"The data protection rules do not seek to ban covert monitoring taking place but do require the employer to carry out an impact assessment to ensure that the way in the which the monitoring is conducted is reasonable, and includes measures to respect the privacy and data protection rights of the employee," says Bircham.

2. The unhelpful helpdesk
IT folklore is littered with examples of stupid calls made to helpdesks, such as the tale of the user who thought his CD-drive was a cup-holder.

Desk phone Helpdesk calls can be a source of frustration for both IT and end users

Helpdesk calls can be a source of frustration for both IT and end users
(Photo credit: Shutterstock)

But for the civilians on the other end of those calls, the behaviour of techies can be just as infuriating. IT company marketing manager Matthew Connaughton describes an incident where a helpdesk call spiralled out of control.

"A few years ago at a previous employer, I wanted to ask one of our freelance IT guys - who sat around the corner from me - about a fairly trivial compatibility issue," he says. "Said person didn't allow me to finish my question without interrupting, 'Have you logged a helpdesk request? Have you logged a helpdesk request?'"

On the first two occasions that response was tolerable and even, on the face of it, almost funny. After 10 or so instances, I became incensed at being mocked in front of my long-standing colleagues."

The techies' response resulted in Connaughton posting a helpdesk request but one that was similarly terse. Eventually a meeting between the two and their respective line managers was called to resolve the stand-off.

Helpdesks are the source of much animosity for IT staff and users but a little bit of patience and latitude on both sides can go a long way.

3. Unequal opportunities
While it would obviously be grossly unfair to suggest that IT staff are predisposed to sexist attitudes, it is a fact that women are still underrepresented in the profession.

According to research by IT professional bodies BCS, e-Skills UK and Intellect, men outnumber women in the workforce by nearly four to one. More worryingly, across all age groups, female IT professional consistently earn less than their male colleagues.

While none of this evidence in itself proves that techies are more likely to make the kind of sexist remark that could land them in hot water with HR, working in a male-dominated environment increases the likelihood that this kind of behaviour will emerge occasionally. One of the UK's most celebrated techies Tim Berners-Lee has claimed that IT's "laddish" culture puts off women from entering the profession.

But while sexism may still be an industry issue, sometimes gender issues can emerge from quite unsuspected quarters, as...

...David Chan, director of the Centre for newly launched Information Leadership at City University, recounts. "When I was an IT director one of my programmers decided he wanted to be a woman. The organisation I worked with was very traditional command and control, male-orientated organisation. The fact that one of my guys wanted to go for a sex-change was seen as very revolutionary," he says.

In the end HR proved to be the tech department's ally in managing the situation, according to Chan. "The HR director at the time was very, very good but the rest of the organisation was stunned by it," he said. "In the end we had to say we have to legally support this guy but the biggest argument was from the female staff who were worried about sharing toilet facilities with him."

4. Harmless hacking?
Although the term hacking might carry negative connotations for the general public, in IT circles it historically refers to the penchant of techies to tinker. However, when that tinkering involves company systems or proprietary hardware, it can land IT staff in hot water with HR and company management.

A recent study by Fortify Software revealed that half the IT security professionals questioned admitted to hacking. While this figure might seem alarming, 73 per cent of those questioned said they did so to test the strength of their own network's defences. However, a further 13 per cent admitted it was for fun or out of curiosity, and three per cent even admitted to targeting their efforts at competing companies.

unauthorised

Unauthorised access to company systems by the IT department can be an issue for HR departments
(Photo credit: Shutterstock)

However, while internal hacking and theft of data can be a very serious issue, not all hacking incidents are what they first appear to be as one IT security company insider recounts.

"In 2009, the company concerned was developing a data loss prevention system and was testing it internally," the insider said. "It found that one of its software team was emailing documents to a competing organisation. It looked like a case of espionage. But on investigation it turned out that the developer was a native Hebrew speaker, and was sending documents to his wife - who was better at English than he was, and worked for the rival company - for proof-reading before legitimately sending them to customers and partners."

The techie concerned wasn't disciplined as no actual breach was deemed to have occurred. Instead he was offered some training to get his language - and presumably IT security - skills up to speed.

Working outside office hours also throws up issues, according to City University's Chan, who said IT staff can sometimes run into conflict with HR and management over pet projects conducted on work premises.

"Most organisations will have some terms and conditions in their contracts that say they own the IP for everything," he said. "Staff only get paid for nine to five but whatever they dream up while at work becomes the organisation's property. Anybody who has got anything about them is probably running their own website on the side and that can often get into conflict."

Apart from codes of conduct, there are industry bodies that also encourage standards of conduct in the industry. BCS, the chartered institute For IT, for example, is keen to promote tech as a profession of the same standing as law or accountancy.

"For the IT professional in particular, it is very important that they set the standard for their organisation and undertake their roles to professional levels. BCS members sign up to a professional code of conduct in addition to any requirements their employers might implement," the group says.

City University is also kicking off its Master of Information Leadership course, which provides leadership and management skills to deal with the kind of disciplinary issues IT managers and CIOs can expect to encounter.