Advertisement

How Great Engagement Can Improve Your Information Security

Article main image
Nov 12, 2014

What’s on the list of “top concerns” for your organization?

I’m willing to wager that security makes the list, and it’s likely it is near the top.

Driving recently, I heard a news story about the switch in thinking in tech companies in recent years. Just a few years ago, the idea of hiring “white hat hackers” to find bugs and security weaknesses was verboten. Now, this type of employee is in high demand.

Employees and organizational security breaches

Sure, there are logical technology steps you must take to protect your organization’s data. But you may be missing one of the key factors in keeping your systems, intellectual property, and other key data secure – employee engagement.

Strategy + Business recently reported on a study of information security in the workplace, specifically on how differently security specialists vs. line managers perceive danger spots:

The authors conducted in-depth interviews with frontline workers, managers, and information security professionals— CIOs and network administrators — at large firms in a variety of industries across the United States. Points of contention quickly emerged.

For example, 39 percent of managers cited hackers as the biggest danger, whereas only 4 percent of security specialists agreed, citing threats such as Trojans, viruses, or worms as more dangerous. But in reality, a company’s own staff can be even more vexing: Almost 60 percent of security professionals pinpointed employees as the most likely source of accidental or intentional breaches.

The most essential bulwark against cyber crime appears to be a happy workforce, according to the study. The interviews revealed two factors that led employees to consciously betray their firms: the knowledge that the proprietary information in a database could be sold to competitors, or a desire to exact revenge on the company for some kind of perceived slight.” (emphasis mine)

Selfish actions can have negative repercussions

This makes good sense. If I’m engaged with my organization, I want it to continue to be successful. This means I’m focused not only what I need to do for my own personal success, but also the success of my colleagues and the company as a whole.

As a result, I’m far less likely to take selfish actions that can have severely negative repercussions.

The article goes on to point out that the worst steps a security team can take are to provoke further negative responses by employees:

Draconian practices seeking to limit employees’ Internet access can often backfire if they sow bitterness. Instead, managers at all levels should appeal to their employees’ sense of obligation to protect their organization’s resources—emphasizing that other people may be harmed by their mistake. Accordingly, the authors advise, IT professionals should focus on the idea of protecting ‘others’ rather than ‘the company.’

And IT experts can dampen some of their employees’ interest in financial gain by emphasizing how coworkers, customers, and employees’ own families could be devastated by a security breach, with consequences ranging from identity theft to widespread job loss.”

The power of workplace relationships

When you think of your workplace and your co-workers as a community, then you’re more likely to think of their interests, too.

This is the power of relationships at work. When we build deep, meaningful relationships with our co-workers, we are far less likely to behave in a selfish, self-centered manner. And that can impact your organization in very material ways.

How does your organization work to encourage deeper relationships at work?

You can find more from Derek Irvine on his Recognize This! blog.