Discussing business security and safety with employees can be a sensitive issue. You don’t want employees to feel they aren’t trusted, that an all-seeing eye is watching their every move, or that you’re spying on their internet activities at every opportunity. Fundamentally, you need to create an environment that reinforces trust, rather than one where it feels like you expect to catch them doing something wrong.
At the same time, your employees represent a significant threat vector when it comes to securing your network, your data, and ultimately your business. According to the Ponemon Institute’s 2016 survey, IT professionals identified negligent or careless employees as the biggest threat to network security. If you don’t have some sensible policies in place, you’re putting yourself at risk for a major breach, or even worse.
In this article we’ll explore the key discussions employers need to have with employees about business safety and security, and how to approach subjects like employee theft, surveillance cameras in the workplace, computer monitoring and more. While these conversations can be challenging for employers, you need to have them to not only protect your business’ best interests, but also maintain employee trust.
Why You Need to Take Security Measures
Before we dive into how you manage expectations with your employees, it’s important to understand why monitoring and other security measures are so essential.
As we noted above, the fact of the matter is that human error is to blame for the majority of high-profile hacks. According to the 2015 Verizon Data Breach Investigations Report, phishing attempts via various social engineering methods account for as much as 80% of all malware attacks. The attacker tricks a target into voluntarily handing over key info by pretending to make a legitimate request, a fake password reset email, for example. Techniques are only getting more and more advanced as hackers find new ways to spoof email addresses, IP addresses, and legitimate domains.
Practically speaking, employee activity online and in the office can open you up to liability in the event that they’re doing something illegal, like harassment or theft. While you don’t want to cross the line into becoming Big Brother, it’s smart to put in place what you need to protect yourself in the event that the worst happens.
So there are a lot of good reasons for you to implement some sort of comprehensive security and monitoring policy, but what about breaking it to your employees? Think about it from their perspective. While you may be doing it for any number of reasons, they may think it’s because you don’t trust them. This can be corrosive to maintaining a cohesive, productive, and motivated team.
There are a lot of ways that trust can ebb and flow. Ultimately, it comes down to mutual respect, which you show through your actions. Trust is earned, and not to be taken for granted. If you want proactive, motivated employees, then you need to give them a certain degree of autonomy and respect.
One of the most damaging things you can do to your credibility is to implement a security program in secret. Yes, you might have a suspicion that someone on your team is up to no good; and yes, you might be able to catch that person red-handed if you don’t tip them off, but consider how it looks to other employees. The last thing you want them to wonder is whether or not you have dirt on them. You can also open yourself up to liability if you find out something you shouldn’t, like their political views, religious views, medical conditions, etc.
If you’re going to initialize new security and monitoring measures, you need to be transparent about what you’re doing and why you’re doing it. Clearly explain your reasons for doing what you’re doing, and what to expect. Remind your employees of any policies you have in place that they’ve already agreed to, or any changes that will be going into effect moving forward.
Focus on Why
Be clear with your employees about why security and monitoring is so important. There are a lot of good reasons: liability, safety, resilience, productivity, and more. At the same time, they’re not necessarily going to know your reasons unless you communicate them. This goes double for any video surveillance you might need to install. Showing up to work to find a camera looking over your shoulder says loud and clear, “we’re watching you,” even if it’s just there to keep an eye on your expensive equipment.
This is also a good way to check in with yourself about what you’re actually looking for, and why it’s important. While you definitely don’t want to pay people to slack off, ask yourself if you’re actually unhappy with the level of productivity of your team. If things are getting done quickly, then you probably don’t want to mess with success. People work different ways, and they may need an occasional break in order to focus better— removing the source of distraction won’t necessarily make them more productive, and at worst can feel like an arbitrary punishment that negatively impacts the work.
Being clear about your reasons for taking the measures you’re taking keeps your employees on the same page, demonstrates respect, and also gets them thinking about security in their day-to-day. Keep the focus on productivity, security, and safety, rather than how they might be breaking the rules.
What You Can Do Right Now
Introducing security and safety measures to your workplace can be a touchy subject. You have to strike a balance between your business’ need to protect itself and, on the other hand, your need to show respect and trust in your employees. By communicating clearly about what you’re doing, why you’re doing it, and how it will help, you can keep your team motivated and working well.
Protect yourself from data breaches and more with security and monitoring practices.
Be transparent about what you’re doing, when, and why you’re doing it.
Focus on how it will help your employees, rather than what they might be doing wrong.