Maintaining workplace safety can seem like a rare form of torture–videos and quizzes and talks and such. For most of us, it’s a necessary chore. But despite the looks among employees with each new H.R. training session, the work that happens in those conference rooms at least in theory translates to profits.
The inoculation process of onboarding a new hire is profoundly important to the proper functioning of any organization. Never before have there been more actionable sensitivities and special needs, all of them calling for empathy and action in the workplace. Safety is important. People don’t work well when they don’t feel secure.
Notwithstanding the Google example, it would be a stretch–and possibly an actionable H.R. error–to describe as “sexy” the various manifestations of workplace best-practices.
H.R. departments are in the business of minimizing the use of trigger words. When someone in the room says that this or that profitable situation is “sexy” there are other words that can carry the same amount of water–for instance, “exciting” or “awesome.” Basically, that word, for some demographic types, means “super cool,” and can be applied to the purchase of a new car, a new smartphone or bagging a multi-million dollar contract. No champagne, no smoke machine.
Enter Tall, Dark and Cyber Safe
Where cybersecurity is concerned, many employees have a sort of click and pray approach. It is not a method that inspires a great feeling of security. Add to that the reality of doing business today. Businesses and employees alike live under constant threat of the fallout from someone–maybe even the child of an employee that brings their own devices to work–clicking on the wrong link, opening the wrong attachment or mistakenly creating an unsecured database containing sensitive information.
The numbers are grim. Eighty percent of businesses expect to experience a data breach before the end of 2019, and more than half of small and mid-size businesses were breached last year (and that’s just the organizations that are aware something happened). Meanwhile, the cost of a breach keeps climbing steadily, especially when lost customers, fines, and lawsuits are added to the total.
It’s an all too common scenario: undersized and demoralized IT departments sprint from one crisis to another, while H.R. departments fail to grok that cyber vulnerabilities are an existential threat on par with a gas leak in the office breakroom. The overlap between workplace safety and cyber safety is significant–in fact they belong under the same rubric: Safety. At issue too often is the failure of an organization to identify cyber vulnerabilities and then deploy H.R. to train them into submission, thus minimizing the exposure.
The 3 Ms for Business
Monitor Everything: Establish a policy at your business about transferring funds; in the era of deepfakes, it’s important to know who is likely to request access to money, and how it should be handled. Always double check by getting confirmation on the phone. All systems can introduce vulnerabilities, especially the introduction of new technology. Create a culture where employees know that if they see something, they will be rewarded for saying something. Cybersecurity is a team sport.
Manage the Damage: When it comes to a compromise of your company’s identity, honesty is the best policy. Own up to a data breach as quickly as possible (especially if you are subject to the GDPR’s 72 hour requirement), be transparent about lapses in security, and review any policies that allowed the compromise to occur in the first place. Jack Dorsey’s Twitter hack may have been embarrassing, but the company moved quickly to close the security loophole that allowed it to happen. Perhaps most important, have some empathy. Cyber-fails are scary. Remember, your news might be more traumatic for your customers or clients than it is for you, and act accordingly.
If safety isn’t the most exciting thing on earth, profitability is, and any company that doesn’t devote significant resources to keeping employees current on the cyber-front will at some point have to ditch productivity (and with that profits) while their most valuable resource–humans working for them–recover, and bear in mind, that can take a very un-sexy 100-200 hours.