A Matter of Security
by Kevin McManus, the Systems Guy
Back in the mid 1990s, the growth of e-mail usage and internet access in the workplace created a new need for workplace security, primarily in the form of information control. The tragedy of 9/11 in 2001 added a second dimension to our workplace security concerns – keeping terrorism threats out of our offices and plants. Technology both fueled and assisted our efforts in supposedly making both our employees and our secrets safer. In my mind however a key question remains – have we really made our workplaces more secure?
We can now watch where our employees go during the work day via video cameras and personal computer monitoring. We perform background checks on most, if not all, of our new hires (at least within the hourly ranks) and we require our people to scan their way into and out of the workplace each day. We control access to sensitive documents (at least we think that we do). We approach people at work with a paranoid eye, especially those who look different than us, wondering who the next Osama bin Laden might be. The question still remains – are we really that secure? I don't think so.
It is true that we do all of these things in an attempt to make things safer and more secure. Personally however, I believe that we are failing to address the root cause of our true security problem – losing the people we chose to hire in the first place. We might like to think that we are keeping our information secure when we control file access and repossess the personal computers as part of the exit interview process, but to my knowledge, we have not yet developed the ability to erase our peoples' memories with a device similar to the ones used by Agents K and J (you know, those men in black). How many of your secrets are in the minds of your ex-employees?
In a similar sense, we are equally ignorant if we think that a background check and a series of phone calls to check references will keep the ‘bad people' out of our workplaces. True, these measures do keep us from hiring those that would present a more immediate threat to our work world, but they don't prevent us from hiring the next Jeffery Dahmer or Mohammad Atta. As is the case with the people we lose, we think that we can somehow read the minds of those we hire simply by talking to them and reviewing their pasts. Face it, we don't know what people are really thinking, we can't control what they think, and we can't erase their memories when they are no longer our employees.
I believe that our true security concerns at work involve the failure, or relative weakness, of our hiring process, along with those approaches that are intended to retain those ‘good' people that we do hire. We are equally poor at assessing talent, and while it is our overblown egos that prohibit true improvements in both cases, I'll save that subject for a different rant. Any person with ineffective beliefs or misplaced priorities is a liability should we choose to hire them. Any employee with a good memory and a bad attitude is a threat to our security should we fail to retain them.
I've have both entered and exited several different companies during my work career to-date (but that's my problem, right?). In each case, the hiring process and exit process were different. Also in each case, the company of note was unable to secure the plant layouts, product formulations, strategic plans, and cost structures that I possessed in my memory. If I was a vindictive person or had a lot of heartache about leaving the organization, I could have caused a lot of damage. Fortunately for them I'm not.
While we can't ensure that we are hiring the best person, or even a safe one, there are process steps that high performance companies build into their hiring approaches that help minimize the potential that a really bad apple will make it onto the payroll. The best hiring processes include multiple interviews, with both panel and one-on-one settings being used. Multiple forms of testing are used as well – the drug test is not the only test used – the best also look at math and reading literacy, personality traits, culture match, and communication preferences. Most importantly, the best measure the percentage of people that they lose at each step of the hiring process, and they expect to lose more and more people with each step. This practice both demonstrates the value of each process step and reinforces the belief that they are trying to only hire the best.
The smart companies recognize that in this day in age, if you hire someone, there is a good chance that they are going to remain on the payroll for awhile. They also recognize that the longer you keep someone around, the more they are going to learn. That is why the best focus as much effort on keeping someone once they are hired as they do on hiring them in the first place. Unfortunately, our security paranoia coupled with our desire to optimize the short term bottom line has resulted in most companies placing much more effort on employee hiring than they do on employee retention.
It has been my experience that employee retention is much more critical, both for the memory security reasons mentioned above and because the hiring costs have already been sunk. In addition to the learning that each person conducts either consciously or subconsciously on their own while under our employ, we often invest significant additional dollars in training these people to do one or more jobs. By the time a person has been with us a year (which is about how long it would take for us to realize that we might have made a mistake), we have invested a lot of money in getting them and training them, and they know enough about us to present a threat to our future success if we lose them.
It is my opinion that the employer has the obligation to create a work environment that makes people want to stay. If an employee leaves, it is the company's fault – that's why the best companies try to measure through internal surveys the percentage of people that have thought about leaving, in addition to merely tracking turnover. Many companies don't even measure or trend turnover on a month to month basis, let alone track and identify the true root causes of the turnover. Even fewer build meaningful actions into their annual plans to address these root causes. Our egos lead us to believe that people are just going for the grass that appears to be greener, instead of admitting that our own grass is pretty brown, if not altogether dead.
To keep good people, you have treat them fairly, both from a compensation and a work environment perspective. You have to help them develop over time, and you have to proactively address the concerns that might lead them to think about leaving. The best measure employee satisfaction quarterly, and yet some companies foolishly believe that such surveys only need to be conducted every other year (great cost savings … right). I have even heard company leaders say “We used to conduct surveys, but we stopped doing them because nothing ever changed.” Guess where I don't want to work.
Worse yet, we allow bad leadership behaviors to persist in the workplace, instead of working with the leaders that we not only hired, but probably promoted, to minimize, if not eliminate those problem behaviors that are making their people detest coming in to work each day and encouraging them to hide their mistakes. The best companies use a leadership index as part of their internal survey process to keep regular watch on leadership practices, including on the job behaviors, for all people who have been given the privilege of leading others. The worst are content to think (and sometimes say) ‘do it my way or hit the highway'.
How secure is your workplace … really? Can you demonstrate in a fact-based manner that you are hiring the best people, doing what is necessary to keep them from even thinking about leaving, and integrating actions into your annual planning process to help drive employee satisfaction in each work team to higher levels over time? If not, how do you know if your workplace is really secure? If you think about, you could be losing a lot more of your sensitive information, and putting your current people more at risk, each day than you think. Keep improving!
Kevin McManus, Great Systems!, July 2004
Would You Like to Learn More?
Click on one of the following links to learn even more about Great Systems! and the types of systems improvements I can help you make:
“The only thing I know is that I do not know it all.” -- Socrates