Fostering a “Security Culture”: Taking It Beyond Training Alone

By Leslie Jones, CHRO and Mark Lucas, Chief Information Security Officer

Coalfire

People are every organization’s greatest asset. But it is also true that an endless stream of cyber security statistics and cyber incidents consistently show that humans nature remains one of the weakest links in the organizational security chain.

Despite the heavy investments made in security solutions and policies, human behavior is fairly predictable and prone to mistakes; those with malicious intent may leverage these very attributes to gain access to sensitive company assets. It’s easier for someone to reuse the same password, for example, and ignore the security risks in doing so than to remember a variety of passwords or change passwords regularly. It’s these behavior patterns that make human assets seem more like an Achilles heel when it comes to security. And because employees are valued contributors that drive organizations to success, it is up to employers to help solve this dilemma. The solution then is to embed security awareness into the employee base from the top down, so that it becomes a living part of organizational culture.

“Security culture” can’t be achieved through annual web-based security training alone; it involves a much more pervasive, motivational, leadership-driven and peer-supported program. Such a well-rounded program can help employees feel they have “skin in the game,” rather than just being sideline observers. Statistics differ on the success rates of information security awareness programs, but we believe it isn’t about whether such programs are conducted, but rather, how they are conducted.

So how do you build a successful security culture? Most companies on the cyber-security-maturity model continuum have a defined set of security policies for employees to follow—this is a fundamental component of any program. Here are some additional steps toward creating a robust internal security program, one that ensures employees understand and own their role as active and willing participants in protecting the organization:

Awareness. Training is essential, and how you conduct that training can determine its effectiveness. Make employees aware of the ‘whys’ behind each policy, discuss the impacts to the organization when policies aren’t followed (using specific cyber incident examples), and emphasize how they can make a real difference for the organization. Most employees don’t respond well to scare tactics for failure to comply, but they do respond to positive incentives and motivational messages. Make the training fun, use humor, and demonstrate that leaders can be victims, too; this all plays a role in engaging employees.

Incentives and recognition. Some companies have effectively used quarterly recognition programs and financial incentives for employees who report suspicious emails, adhere to policy and champion security awareness. Make security awareness an ongoing celebration. Security should be loud and clear, so employees can hear about it on a regular basis. This keeps the subject top-of-mind so employees can see their stake in the game.

Continuous awareness. Some companies, such as Coalfire, create ongoing security awareness communication campaigns to keep security front and center. These can include materials such as security handbooks, wallet cards, creative posters for office facilities, and creative email campaigns with tips.

Making use of emerging cyber incidents. Cyber incidents can be debilitating, but when they occur and put the organization on the front page, they create great opportunities to have the CISO educate managers and employees on why they occurred; what, if anything, they need to do to protect themselves and the organization; and how everyone can play a role in better using security best practices.

Run tests, report on results.  Run tests to see how well employees are understanding the fundamentals of cybersecurity such as phishing tests, which indicate if employees have indeed learned not to open suspicious emails. Results can be published by a designated department or group. These sorts of tests typically provide great insights, which can be fed back to the organization for longer term results.

In the business of human resources, we know and understand that culture is an organic phenomenon. It arises out of the combined dynamics of the group. And yet, we can and do work to influence culture, leveraging it to create a more effective and positive place to realize our organizational goals. In a world where cyber incidents dominate headlines and create financial, legal, brand and individual damage, investing the time and effort to infuse security culture into your organization is now a growing imperative for organizations of every size, in every industry. 

Town Hall Meetings Get Real

By Brian Anderson, Chief Marketing Officer at POPin

As new tools, analytics and technology transform the traditional workplace, "town-hall-style" gatherings remain popular forums for employees at all levels to engage with one another and have direct contact with senior management.

Beyond the camaraderie, the issues at hand and the need for consensus gathering, transparency, feedback and input make town halls an attractive option. As such, the agenda setting, post-meeting action items and feedback loops can hold as much weight as the meeting. But corporate town hall meetings often fall flat; employees see them as lip service rather than places for their voices to genuinely be heard, and senior management perceives them as precarious attempts at transparency with a low yield on organizational alignment.

This disconnect shows a failure to source feedback from employees prior to meetings so that management can plan to address the right topics. Despite efforts to gather the whole team, it is challenging to prioritize agenda items, figure out what’s really top of mind across the board, and discern how best to address issues with a constructive, results-based approach.

Below are a few tips to drive more actionable insights on important company-wide issues in a town hall setting:

Before the meeting:

Crowdsource questions. By crowdsourcing questions from employees before the town hall starts, companies can set a structured agenda for the meeting. Managers can use these questions to gauge which issues are the most pressing and should be prioritized. By using software to crowdsource questions from employees, management also minimizes the risk of spending the majority of the meeting discussing a topic that isn’t a primary concern for employees.

Enable anonymity. Candid feedback is key to company improvement, and by remaining anonymous, employees can be more honest with their feedback without the fear of retribution. Employees should be allowed to anonymously ask questions and provide feedback to senior management. Crowdsourcing technology makes it easy for employees to submit anonymous comments.

During the meeting:

Encourage dialogue. Real-time questions allow the audience to engage with the presenter during the town hall. However, employees can be intimidated when the CEO asks the audience for questions. To prevent this, companies can use mobile technology to allow employees to anonymously submit questions during the town hall.

Swap the schedule. During most town halls, CEOs and upper management can seemingly dominate the allotted time with presentations and monologues, leaving little time for a Q&A session at the end.

The goal of a town hall is to gain insight and feedback from employees. By limiting the presentation time for executives and scheduling a longer Q&A session, management will have ample time to address employee concerns.

After the meeting:
Leverage analytics. Companies should have an analytics platform in place to quantify how effectively the messages of their town hall meeting was transmitted. Analytics empower managers to bridge identified gaps and build closer relationships with their employees.

Provide insights. In addition to providing a recap of the town hall, managers should provide all employees with insights gained from the meeting. A crowdsourcing platform can help managers use analytics to provide insight in a constructively.


For managers, corporate town halls are a great way to drive transparency within the organization and cultivate meaningful conversations with their employees. Town halls provide employees with an open forum to ask questions and provide feedback, which will ultimately help the company improve. Despite best efforts to hold interactive town halls in which workforce concerns are heard, it’s still difficult to discern exactly what employees need. By leveraging new tools and analytics to facilitate anonymous, organized town halls with employees, managers can ensure that these meetings will provide fruitful results.

Employee Burnout and What Companies Can Do to Fix It

By: Suresh Parakoti, Founder and CEO, glasssquid.io

Employee burnout is a very real phenomenon, and it’s proving to be more and more prevalent in the workplace. More often than not, managers tend to see an exhausted and frustrated employee as a personal failure to find the right candidate to join their team; in their mind, the person is unable to handle responsibilities, is incapable of rising above stress, or quite simply, just isn’t cut out for the job.

Every employee—even the high-performing rock star—is susceptible to feeling depleted and unmotivated some of the time. Burnout is driven by many different factors, and many thought leadership articles have shared some of its causes. For example, an article from Fast Company earlier this year listed the following five contributors to burnout:

●      Poor compensation

●      Unreasonable workload

●      Excessive overtime or uncompensated after-hours work

●      Poor management

●      A disconnect from overall corporate strategy

Similarly, the Harvard Business Review shared three more causes:

●      Excessive collaboration

●      Weak time-management disciplines

●      Overloading the most capable workers

Though the causes of employee burnout vary, most sources suggest that it’s less of an individual concern and more of an organizational challenge. This view may seem to absolve the employee of any accountability and put all the responsibility on management, but it has the power to put company leadership in control. In turn, leadership can take the necessary actions to turn things around.

Over the years, many companies have underscored the importance of work-life balance and actually managed to successfully implement it. A high percentage of these have also offered employee benefits that go beyond the usual medical, dental, vision and 401k packages to cultivate an environment that gets employees excited about going to work. These benefits include, but are not limited to:

●      A full-service café.

●      Flexible hours.

●      No dress codes.

●      Shopping discounts.

●      Gym reimbursements.

●      Paid maternity and paternity leave.

Companies not only offer these perks to keep the morale high among current employees, but also highlight them all over their careers page and job listings as a means to attract quality top talent. Some companies have gone above and beyond to ensure that their employees feel seen, attended to, and cared for. Zappos, for instance, offers nap times for employees to rest and rejuvenate when they need to; SAS’s shows their high regard for family with subsidized, on-site childcare centers and college scholarship programs for the children of their employees; Arianna Huffington has even implemented an email-deleting tool that unburdens her Thrive Global employees when they go on vacation.

Many management teams have recognized the reality of employee burnout as well as its implications within their companies. Loss of productivity, for one, has a tangible, quantifiable consequence. Employee turnover is similar. As work, environment and many other company-specific factors vary, so have the solutions and preventative measures for employee burnout that management teams have implemented. The bottom line is that leaders within the company have the ability to empower their employees, increase productive output, and reduce burnout. In doing so, they give their employees the drive to work, which ultimately drives the company’s success.

Suresh Parakoti is the Founder and CEO of glasssquid.io, an online staffing firm that leverages artificial intelligence to connect top talents with employers and hiring managers.

Smart Onboarding Boosts Employee Engagement

By: Cord Himelstein, Vice President of Marketing and Communications, Michael C. Fina Recognition

The U.S. Bureau of Labor Statistics reports that in some industries, the average job tenure has shrunk to little more than two years. Now more than ever, building relationships and introducing new employees to the company culture early on is critical to fostering long-term loyalty. The first days, weeks, and to a larger extent, the first year at a company is a crucial time when the employee decides if their new job is a good fit. That’s why 23 percent of new hires turnover before their first anniversary. Replacing them also costs between 16-20 percent of their salaries!

No matter the employee, everything must be done to make those first moments of connection rewarding and invigorating. Integrating employee recognition into onboarding creates great opportunities for companies to connect with and support employees as they adjust to the culture. Even though layering employee recognition efforts into onboarding efforts can boost early engagement, a recent Michael C. Fina Recognition survey of HR professionals showed that only 33 percent of organizations currently do so. For shame!

A commitment to recognizing workers prior to their first day, on their first day, and throughout the first year of employment can help accelerate cultural adoption and greatly increase the chances of them staying longer. These efforts need not break the bank either. Here are some of the most popular budget-minded ways organizations are helping new hires feel welcome:

Onboarding Kits: Offering a customized onboarding kit with a personalized gift—and making an employee’s first day a recognition event—can help a new hire get acclimated more quickly. This can be something as simple as a swag bag with a customized t-shirt and other personalized gifts, although some companies create an entire onboarding experience to introduce employees to company values, expectations, and the overall work journey.

First Day Festivities:  Many organizations celebrate employees on their first day with a special breakfast or lunch with coworkers. This is a great opportunity to make personal connections with peers—an important factor in retention. Also, making sure managers spend a good amount of time on the introduction process can ease any anxiety a new hire might have as well as speed up the acclimation process.

Extra Manager Involvement: Beyond introductions to the team, establishing a positive manager-to-direct-report relationship is a silver bullet for voluntary turnover. According to Gallup, only 1 in 5 employees say their performance is managed in a way that encourages them to do outstanding work. Setting regular progress meetings and having informal touch-base conversations help ensure the new hire knows someone is always available for consultation and support.

The onboarding phase has grown in importance over the last decade but with job tenures shrinking it is becoming mission-critical. Integrating recognition program strategy with the onboarding experience is the best way to encourage personal relationships, show new employees your commitment to their satisfaction, and start building loyalty and engagement from day one.