Wednesday, October 21, 2015

No Joy at Work - No Problem?

Many of us grew up with messages all around us extolling the virtues of work and the pleasure that a person gets from a job well done.  Some of the more famous examples of films and shows in this category would include "Snow White and the Seven Dwarves" and "Thomas the Train".

In Snow White, the seven dwarves headed off to work every morning with a song, "Whistle While You Work".  The Princess and each of the seven had a job to do and they took a great deal of joy in doing it well.  The song, if you want to listen to it here, is actually quite catchy.

In the "Thomas the Train" series of shows, each of the train engines are taught lessons on how to be the best, most efficient worker they can be.  Although oriented towards a British audience the themes are very similar.  That is, if you work hard at your job and follow through you will have a wonderful (and timely!) life.

With so many messages telling us that we can all achieve happiness through our work, why does it seem that the emotion of joy is missing from the corporate office?  Yes, this assertion is overgeneralizing to a certain extent, but let's experiment.  How many of you reading this posting have felt actual joy in doing your job more than once in the past week?  To take it further, would you describe the environment of your company as being joyful?  Odds are that you won't.

This is a big problem for businesses today.  Many, many firms have mission or value statements that state in various ways the following: "Employees are our most important asset!"  Why, then, do recent studies show that 70% of the workers in the United States and Canada are actively dissatisfied?  Worldwide, that number jumps up to 87%!!!  These are numbers that we can't ignore, especially if each of you is a leader within your company.  Unhappy people lead to all kinds of negative results, which if you live in the United States equates to $550 Billion per year in lost productivity.

It comes as no surprise that the most profitable companies in the United States - Apple, Google, McKinsey, USAA - spend more than just lip service on developing joyful employees.  But the counterargument for following the practices these firms use is the cost.  If your company isn't profitable like these, it would be difficult to spend on free food, child care, posh gyms, and nap pods.
There is good news for all of us.  These perks are great, but they reinforce a key component already in place at these top companies.  What is it - can you guess?  It's the same thing you've probably already heard.  Satisfied employees, and hence joyful workplaces, are the outcome of excellent manager to employee relationships.

Did you get that one?  If you are an excellent leader to your people you've already won the battle.  Here are a couple of facts for you to absorb and own.

  1. 80% of dissatisfied workers became that way because they lost respect for their manager
  2. Joyful workers are 87% LESS likely to leave their company.  This fact takes on a whole new meaning when it costs 100-300% of an employee's total yearly salary to replace them when they leave!
  3. Joyful workers are 50% less likely to have a workplace injury or safety event than those who are not happy.

There are so many facts and studies out there on the Internet that show the incredible benefit brought on by joyful workers, it only makes sense to promote "the pursuit of happyness (sp)" in your workplace.

So what should you do?  Here is some basic advice from me to you on things you can easily do as a leader to re-introduce joy into your environment. 
  • Be respectful.  Cultivate a personal belief that your title does not bequeath to you any special moral or sociological superiority to the people who work under your supervision.  Show that attitude by treating your teams with respect and dignity.
  • Focus on results, not time served.  Give your people a tremendous amount of flexibility to manage their schedules.  Focus on the results they deliver, not the time they spend starting at their computer screen.  The more results that are generated, the more freedom you should give to that person (or people)
  • Be honest and transparent even if you can't tell the whole truth.  In this day of information on demand, there are few secrets.  Always opt to tell your people as much as possible without sacrificing your ethics.  When your folks know that you are ready to confide in them they will trust you in return.  High levels of trust equate to high levels of engagement.  Any combat officer will tell you that.
  • Have at least some idea of the personal lives of each of the people you manage.  Remember that almost everyone has a life they lead away from work.  The more you understand what your people pursue outside of work, the more you can help them maximize those pursuits.
  • Once you've hired the best people, give them the best tools, computers, furniture, training, etc.  To a certain extent, all people are materialistic.  Feed that by being as generous as your company's policies will let you be.  (I don't know how many leaders are outright despised for being stingy when they have no constraints placed upon them)
  • Especially in IT, assume your folks know everything and act accordingly in a truthful and ethical manner (this is the right way to be anyway!).  Odds are that you'll never keep secrets from them even if you try.
  • Practice saying, "I'm sorry".  Every leader, especially the best, make many mistakes.  Be quick to own up to your own failings.  It makes you "human" and eliminates hidden resentment.
Some (all?) of this advice is common sense but only if you follow it.  You CAN have a joyful workplace full of happy people.  It just takes a little work.

Friday, October 2, 2015

Can You Secure the "Unsecureable"?

The trends in technology follow certain patterns.  Speaking broadly, most people can remember some of the bigger ones:

  • Y2K
  • Internet e-commerce purchasing (the rise of Amazon)
  • Big Data
  • Mobility
While I'm sure that each you, my readers, could double or even triple that list in 30 seconds, the point is made.  When dealing with information technologies you can expect a new, big trend to pop up every year or so.

Usually a trend becomes important because it marks the next big area where investments will flow and IT budgets are aimed.  This year, in 2015, a whole new trend has gained tremendous momentum, but not in the traditional way.  The trend is all about information security and the tools and products of the (near) future that will protect companies and critical data assets.

But why information security and why now?  Haven't there always been threats like viruses and penetration attacks?  The answer to that is yes, but the stakes have become greater.  Unlike the past where companies like Target or Sony were targeted by high-tech thieves looking for monetary gain, the threats today are most likely coming from sovereign governments! (And their motivations are likely not about money)  

Would you believe that just this year the government of the United States of America was specifically targeted and attacked?  The prize was the complete personnel data on over 20 Million federal employees.  Not only that - our government has estimated that security incidents involving the integrity of the systems that run our country have increased over 1,100% over the past decade.  We have truly moved past the era of annoying viruses and into a new age of massive, ongoing war in cyberspace.  Many times we can't even identify the players and the action they take are not always easily understood.

So how do these things manifest into corporate America and ultimately affect our lives and careers? 

First and foremost, many of the businesses in the United States are completely unprepared for the new realities and risks of cyber security.  According to some estimates, about a third of the companies in the United States have absolutely no formal infosec competency.  If this fact is indeed real, there are a number of implications.  Perhaps the biggest implication for us all relates to our employment.  If an external entity could learn everything about us - see all of our secrets and lay them bare to the world (a la Eric Snowden) - would our companies be able to survive?  Being honest with ourselves, many of the threats that we (our companies) face are ones that we are completely unprepared to face.  That shouldn't make us fatalistic - rather it must be a wakeup call that we must actively work to build our security capabilities.

A second concern as it relates to business is to decide *when* to get serious about information security.  The truth is that most of the impetus to spend on information security only gets generated after an event occurs.  Operating from a reactionary position is a bad place to be.  Ask the French how that whole Maginot Line thing worked out for them.  It can be a very difficult task to get funding and resources for prevention activities.   Imagine a conversation with the CEO where she says, "You want me to approve $2 million for new software and hardware to prevent something that might happen?"  That's not a comfortable position in which to be, but it doesn't have to be fruitless.  With so many published examples of the effects and aftermaths of information security attacks, there are many ways to illustrate the pain of others and to explain how the same things can happen to you.

Finally, on a personal level the threats from information technology sources are much more prevalent than any type of violent crime.  In fact, as of 2013, if you were an adult who lived in the United States there was a 7% chance that you would be a victim of identity theft.  What's more, if you were targeted you could expect losses of around $3,500.  From personal experience, in just this year (2015) I have had to change the number on two of my major credit cards.  For my American Express card, I've had to change it twice this year and have seen fraudulent charges of over $4,000. (For the record - AMEX is great!)  I've had to change my entire approach to how I protect both myself AND my family.  It's no longer good enough to react to events as they occur.  I do a number of things to actively manage my risk and so should you.

Can you secure the "unsecureable"?  No, the bad guys are always going to be a step ahead, especially if the bad guys are also the good guys.  But one thing is certain.  Those that are proactive and motivated will be MUCH better off than those who do nothing.

Since this blog relates to IT (most of the time), here are some companies you should check out.  There is some tremendous innovations happening in the infosec space right now and these companies are right out on the front lines with so truly wondrous products and services.
  • Tanium
  • FireEye
  • Checkpoint
  • Blue Coat
  • Splunk
  • Imperva
  • Websense
  • Palo Alto (hardware)