Worried about Information Security? Study Says Focus on Employee Engagement

by Derek Irvine

Masked businessman on a computerRecognize This! – Your employees are your most likely source for data breaches. Engaged employees are far less likely to be a risk factor.

What’s on the list of “top concerns” for your organization? I’m willing to wager that security makes the list and likely near the top. Driving recently, I heard a news story about the switch in thinking in tech companies in recent years. Just a few years ago, the idea of hiring “white hat hackers” to find bugs and security weaknesses was verboten. Now, this type of employee is in high demand.

Sure, there are logical technology steps you must take to protect your organization’s data. But you may be missing one of the key factors in keeping your systems, intellectual property, and other key data secure – employee engagement.

Strategy + Business recently reported on a study of information security in the workplace, specifically on how differently security specialists vs. line managers perceive danger spots:

“The authors conducted in-depth interviews with frontline workers, managers, and information security professionals—CIOs and network administrators—at large firms in a variety of industries across the United States. Points of contention quickly emerged. For example, 39 percent of managers cited hackers as the biggest danger, whereas only 4 percent of security specialists agreed, citing threats such as Trojans, viruses, or worms as more dangerous. But in reality, a company’s own staff can be even more vexing: Almost 60 percent of security professionals pinpointed employees as the most likely source of accidental or intentional breaches.

“The most essential bulwark against cybercrime appears to be a happy workforce, according to the study. The interviews revealed two factors that led employees to consciously betray their firms: the knowledge that the proprietary information in a database could be sold to competitors, or a desire to exact revenge on the company for some kind of perceived slight.” (emphasis mine)

This makes good common sense. If I’m engaged with my organization, I want it to continue to be successful. This means I’m focused not only what I need to do for my own personal success, but also the success of my colleagues and the company as a whole. As a result, I’m far less likely to take selfish actions that can have severely negative repercussions.

The article goes on to point out that the worst steps a security team can take are to provoke further negative responses by employees:

“Draconian practices seeking to limit employees’ Internet access can often backfire if they sow bitterness. Instead, managers at all levels should appeal to their employees’ sense of obligation to protect their organization’s resources—emphasizing that other people may be harmed by their mistake. Accordingly, the authors advise, IT professionals should focus on the idea of protecting ‘others’ rather than ‘the company.’

“ And IT experts can dampen some of their employees’ interest in financial gain by emphasizing how coworkers, customers, and employees’ own families could be devastated by a security breach, with consequences ranging from identity theft to widespread job loss.”

When you think of your workplace and your co-workers as a community, then you’re more likely to think of their interests, too. This is the power of relationships at work. When we build deep, meaningful relationships with our co-workers, we are far less likely to behave in a selfish, self-centered manner. And that can impact your organization in very material ways.

How does your organization work to encourage deeper relationships at work?

Derek Irvine

About Derek Irvine

The VP of Client Strategy and Consulting at Globoforce, Derek Irvine is one of the world’s foremost experts on employee recognition and engagement, helping business leaders set a higher vision and ambition for their organizations. As a renowned speaker and co-author of "The Power of Thanks" and "Winning with a Culture of Recognition," he teaches companies how to use recognition to proactively manage company culture. Derek holds a B.Comm and Masters of Business Studies from the Smurfit Graduate Business School at University College Dublin.

Leave a Reply