Skip to content

Why You Should Always Lock Your Computer: A Cautionary Tale of Malicious Compliance in IT Security

Picture this: You’re the new hire on a seasoned IT security team. You’re eager, maybe a bit cocky, and you think some rules are just plain silly. Locking your computer every time you step away? Pfft—overkill, right? After all, who’s going to be snooping on your unlocked workstation for those “two seconds” you’re gone?

Enter the world of office security culture—a place where pranks are lessons, and lessons are pranks. But what happens when the new guy refuses to play along? Spoiler alert: He learns that in security, if you don’t want to be “shamed,” you might just get burned.

From Harmless Fun to Harsh Reality: The Security Prank That Wasn’t

In a popular story from Reddit’s r/MaliciousCompliance, user u/i_dont_wanna_sign_in shared a tale familiar to many in IT: the universal rule of locking your computer. For years, their team enforced this not just with policy, but with lighthearted pranks. Walk away without locking your screen, and you’d return to a silly email sent from your account—something like “Does anyone know the meaning of life?” Embarrassing, sure, but the intention was clear: lock your computer, don’t get pranked. It was a rite of passage, and everyone played along.

That is, until the new guy showed up.

Despite gentle reminders, explicit documentation, and a few “welcome to the team” warnings, the newbie refused to comply—openly mocking the rule as unnecessary, even though he was now handling sensitive information. When confronted, he scoffed. When pranked, he threatened to escalate.

Here’s where the story takes a turn from “that’s just office fun” to “welcome to the consequences.” Instead of pranks, the team decided to do exactly what policy demanded: every time they saw his computer unlocked, they logged it as an official security violation. No jokes, no nudges—just a flood of incident tickets.

The Downside of Not Playing “The Game”

Within 48 hours, nearly 50 security tickets were opened by various staffers. The result? Retraining, then a straight shot to disciplinary action. The new guy, who “didn’t want to play the game,” found himself in meetings with his boss, the director, and security, facing a Performance Improvement Plan (PIP)—the kind that often spells the end for anyone in IT.

All the while, the original poster and the team were just following the rules. They weren’t out to ruin anyone’s career. But in security, willful noncompliance is no joke. Policies exist for a reason—sometimes to protect data, sometimes to protect people from themselves.

Why This Story Resonates

If you’ve ever worked in IT, you know this dance between culture and compliance. There’s often an unwritten agreement: we’ll keep it light, we’ll keep it fun, but we’ll also keep it secure. When someone refuses to play along, it’s not just about breaking the social contract—it’s about putting everyone at risk.

Some key takeaways for anyone entering tech (or any policy-driven environment):

  • Policies aren’t optional. Especially when handling sensitive data or working in security itself.
  • Good-natured pranks can actually be valuable. They teach lessons in memorable ways, without dragging HR into the mix.
  • Ignoring culture can be as damaging as ignoring policy. The new guy didn’t just miss the memo—he missed the entire point.
  • Malicious compliance is a double-edged sword. If you insist on strict adherence to the letter of the law, don’t be shocked when the spirit is gone.

The Real Meaning of Security

Locking your computer isn’t about paranoia—it’s about protecting assets, reputations, and sometimes even jobs. The best teams find ways to make this stick, whether it’s a running joke, a meme-filled Slack channel, or yes, a little prank here and there.

As for the newbie? He learned the hard way that “not playing the game” just means you’re playing by the strictest rules in the book. And in IT, that’s a game you’re unlikely to win.

Ever been part of a security culture that used creative enforcement? Or witnessed a policy meltdown of your own? Share your stories in the comments—just don’t forget to lock your screen first!

Original Reddit Post: Don't want to play, no problem