Here's what we might potentially consider: 1) Understand the Behavior: Clarify if the issue is due to a lack of awareness or intentional disregard. 2) Address Privately: Have a respectful one-on-one conversation. Explain the risks of ignoring security policies and their potential consequences. 3) Offer Education: Ensure they understand the guidelines and why they matter. Provide resources or support if needed. 4) Escalate if Necessary: If the issue persists, document the breaches and escalate to management or the security team for further action. 5) Promote a Security Culture: Foster a shared sense of responsibility and lead by example in following security protocols.

To address this issue, you need to first ask them as to why they are ignoring these security guidelines. This is so that you would know the reason why they are doing so. You need to then explain to them why these guidelines can't be ignored. This is so that they would know why it's so important and necessary. You must also educate and train them on how to do their work without being hindered by these guidelines. This is especially if they ignored it due to it hindering their productivity.

Example: Observe your colleague leaving the client financials folder unlocked. Privately say, “Hey, I’ve noticed you’ve skipped locking the folder. Any reason it’s tough?” If they shrug—“It’s fine”—reply, “A hack could leak data, like Colonial Pipeline’s mess.” Offer, “I can show you Authy for quick two-factor.” If ignored, tell your lead, “Sarah skipped it March 15 and 20; it risks our XYZ contract.” Suggest a team refresher if it’s widespread. Document chats—dates, outcomes—for backup. They’ll likely adjust; if not, leadership steps in. Casual or tense vibe with them?

If a colleague is ignoring security guidelines, start with a respectful, private conversation. They may be unaware of the risks or find the rules unclear. Frame it as a shared responsibility to keep the team and company safe. If the issue continues, document specific concerns and escalate it through the proper channels, such as a manager or security team. It's important to address the behavior early to prevent larger risks without making it personal. Helping them understand the real-world impact of poor security habits can make the issue feel more relevant. Encouraging a culture of accountability benefits everyone in the long run.

TECH & HUMAN security controls must NEVER be bypassed. It's non-negotiable. Data breach, malware or ransomware attacks are costly & embarrassing. Bypassing security is serious & must be investigated: * RCAs & WHO/WHY/WHERE/WHEN for these violations? * Reason for violations: Accidental? Intentional? Job-Related? * WHY did TECH controls allow for violations? Fine tuning? * Conduct RCA research on HUMAN side of failure * Handle any intentional or criminal acts per HR policy * Work privately with non-intentional violations in "+" tone * Active security awareness training may be needed * Security & HR POLICY review may be needed * Actively monitor all aspects of security/privacy to ensure no further violations occur

Start with why! Try to understand why the colleague keeps ignoring the guidelines, by privately talking to her / him. There could be a good reason for it, what may leads into a risk assessment or revalidation of the guideline for practicability for the company.

I once worked with a colleague who constantly bypassed security protocols, thinking they were just red tape. Instead of confronting them, I shared real-world data on breaches caused by minor lapses—95% of cybersecurity incidents stem from human error. A quick chat about the risks and a reminder of how small actions protect the whole team made the difference. Sometimes, it’s not about enforcing rules but making security feel personal.

"Security is not just a guideline; it's a responsibility we all share." If a colleague keeps ignoring security guidelines, here’s how I would approach it: Open Conversation: I’d have a private and respectful conversation to understand their reasons and explain the importance of following security protocols. Reinforce Consequences: I’d highlight the potential risks and consequences of ignoring security guidelines for the organization and individuals. Offer Support: I’d offer to help if they’re facing challenges in understanding or applying the guidelines. Lead by Example: I’d consistently follow security best practices myself, showing how easy and important it is to do so.

Start by understanding the underlying issue is this because of lack of proper training, feeling overwhelmed, or simply unaware of the risks? Once you pinpoint the root cause, approach the conversation with empathy. Emphasize the shared importance of security and how it impacts everyone. Offer support, provide helpful resources, or suggest a quick refresher to address any gaps. Framing the discussion as a collaborative effort rather than a criticism can led to stronger long-term compliance and a more engaged team

When a colleague repeatedly ignores security guidelines, it's important to address the issue constructively rather than confrontationally. Start by having a private conversation to understand their perspective—sometimes noncompliance stems from confusion or lack of awareness rather than intentional disregard. Reiterate the importance of security practices and how their actions could impact the entire organization. If the behavior continues, escalate the issue through the appropriate channels like IT security or HR, following your organization’s policy. Reinforcing a culture of accountability and ongoing education helps ensure everyone understands that cybersecurity is a shared responsibility.