Ever received that little gem of an email from IT: “Compliance Reminder”? No greetings, no sugar-coating, just a tiny, accusatory phrase in your inbox like a foghorn in a library. And just like that, the office collectively holds its breath.
Instantly, a strange ritual begins. Even the most relaxed of colleagues, those who haven’t touched the company VPN in months, start opening folders, scanning drives, and muttering about forgotten passwords like they’re uncovering ancient curses. Karen from marketing begins tearing through her emails as though the server itself might collapse if she doesn’t click the right links. Greg in finance panics at a spreadsheet he hasn’t touched since 2019, convinced it’s harbouring hidden sins.
The stages of this mild hysteria
Stage 1: Feigned calm
“Oh, it’s nothing,” says everyone, firmly ignoring the bolded subject line. They sip their coffee, pretending to type while secretly planning escape routes to a world without IT audits.
Stage 2: The over‑inspection
Folders get scrutinised. Every report, draft, and “final final v2” document undergoes a forensic review. People start asking themselves: Did I give permissions to the wrong person in 2021? Was that macro sketchy? The office turns into a scene from a low‑budget thriller where Excel is the antagonist.
Stage 3: Rumour propagation
“I heard Simon in accounts got flagged for leaving a sticky note with his password.”
“Impossible. That was a joke at the Christmas party.”
By the time lunch rolls around, half the office has changed passwords, unplugged monitors, and considered submitting a notarised declaration of innocence.
Stage 4: Defensive correspondence
Employees craft emails to IT that could double as short confessional essays:
Dear IT, regarding your ‘Compliance Reminder’, I wish to state that any potential breaches were entirely outside my control, likely induced by external factors including, but not limited to, minor desk earthquakes and keyboard-tapping pets.
Stage 5: Reluctant acceptance
A minority eventually realise it’s a generic reminder. They sigh, pick up their tea, and carry on. But the dread lingers, like a half-drunk cup of office coffee left on the radiator: what if next time it’s real?
This is why we cannot have nice things
The brilliance, or cruelty, of IT is that these reminders are both necessary and perfectly phrased to induce panic. “Failure to comply may result in consequences.” Consequences, yes. That word alone prompts existential reflection on every missed annual security training since 2017.
Humans are, by nature, spectacularly bad at interpreting neutral emails. We turn ambiguity into drama. And so, somewhere in every office, someone is quietly Googling: “What is the minimum effort to survive a compliance audit?” while pretending that their life is under control.
Or can we?
The generic email
Imagine instead an email that doesn’t sound like an omen of doom:
Subject: Quick check-in: IT compliance
Hi all,
Just a gentle reminder to review your current system access and any outstanding
compliance tasks by Friday.
This helps us keep our shared resources secure and avoids any last-minute
scrambling.
If you have questions or run into issues, please reply directly, I’m happy to walk
through anything, no stress.
Many thanks,
Nina, IT
No capitalised threats. No vague “consequences.” Just a simple, human tone that acknowledges your time and effort, and invites collaboration rather than panic. And clearly a general email. Compliance reminders like this might actually work, without turning the office into a reenactment of a GOT skirmish.
When someone slips
So someone’s clicked the link. No screaming. No mass panic. Here’s an example of the kind of email that might actually help:
Subject: Quick follow-up: potential security incident
Hi [Name],
We noticed a suspicious link was clicked from your account.
No judgement, these things happen to the best of us.
To keep everything safe, please:
Change your password.
Run the attached security checklist.
Let us know if anything looks unusual.
If you need a hand, we’re here to walk through it step by step, seriously,
just reply.
Thanks,
Nina, IT
It doesn’t shame, it doesn’t threaten, it doesn’t blow up the inbox with corporate “penalty language.” It’s calm, practical, and human, people are far more likely to follow the instructions when their dignity survives intact.