
Viewing entries in
Security & Risk

How Online Behaviors Are Impacting Your Bottom Line


Many of us have experienced toxic behavior in the workplace. Though many of us use stories and anecdotes to illustrate and process our experiences, few of us have had access to quantifiable data when attempting to communicate the importance of managing these behaviors at work. What are the full costs of toxic workplace behavior? To help organizations get clarity around the value of reducing toxic behavior in the workplace, we’ve anonymized and aggregated a trove of data around this question, and taken it upon ourselves to use this data to provide meaningful insight for companies around the world.

Last year, we kick-started this conversation by publishing a study called “The Cost of a Toxic Hire.” It was a breakthrough resource showing how much money companies were losing to the turnover and absenteeism caused by toxic employees. While the response was overwhelmingly positive, we recognized that companies were losing far more than $1.2 million per year. We soon found even more information about how much market cap companies were losing to toxic behavior, and the measures that boards are now taking to protect their companies from the fallout of insidious workplace events.

Earlier this year, we launched the Toxic Employee Handbook with Dr. John Sullivan, a renowned influencer in the world of talent management. This newly released handbook covered over 40 distinct categories of damage caused by toxic employees and offered new tools to start building a business case for formal toxic behavior reduction efforts. Again, the response was overwhelmingly positive. More and more companies are looking to understand the full extent of damages that toxic employees inflict on our businesses and to discover ways they can identify them before they harm our organizations.

Still, we get questions about the value of certain preventative methods. As the leading provider of online background screening, we’ve worked with hundreds of clients to develop strategies to identify workplace behaviors ranging from subtle bigotry to violent threats. Even though more than 70% of employers today research candidates on social media before hiring them, we’re often asked: why should I look online to keep my company safe from bad hires?


Why Social Media is Healthcare’s Biggest Risk


As of 2019, nurses and doctors have been voted the most trusted professions in the United States. While this is great news for the healthcare industry, there are also good reasons for this designation. We trust nurses and doctors with our health and safety. So when we find a provider that treats us with care, we’re relieved to find they have our best interest in mind. However, trust can be easily broken, and as new technologies transform the profession, we see two forces making that trust harder to regain.

Today, there’s a steady rise in HIPAA violations on social media putting privacy at risk, and a long-standing epidemic of toxic behavior making its way online and threatening the basic safety of patients and staff. In this blog, we’ll explain how these issues play out on social media and the public web, and lay out why these mistakes are costly both for patients and the providers they trust…


The reason we still don’t understand culture risk


Cultural and reputational risks are becoming more and more common for enterprises today. As companies across business sectors find themselves suffering reputational damage over some form of toxic behavior or unethical business decision, a growing number of executives are starting to see culture as a direct contributor to the bottom line. While the increasing awareness around these issues is encouraging from a social standpoint, many executives are still unsure how to tangibly improve their company culture. According to Deloitte’s Human Capital Trends Report, 82% of executives say that culture is a potential competitive advantage, yet only 12% believe they’re driving the “right culture.”

How is it possible that only 12% believe they’re driving the right culture? In part, it’s because the processes that executives and board members have in place aren’t giving them the signals they need. Despite the fact that information is essential to understanding and managing culture risk, especially in a digitized and media-driven business environment, 65% of CEOs and 62% of board members today say they lack a process for identifying signals of potential culture risk. This leaves companies prone to a range of negative consequences ranging from consumer backlash to a spike in turnover.

How can there be such a lack of process for identifying signals of potential culture risk?


How A Fortune 100 Manager Got Away With Dozens of Sexual Harassment Cases


For every headline we see about workplace harassment or bigotry, it’s easy to forget that there are hundreds of stories that never surface. Today’s blog comes from an anonymous employee who recounts an instance of systematic, predatory behavior at one of the largest tech companies in America. Their story illustrates the discomfort and trauma that employees (often women) face when toxic behavior is present, and explains why companies must take new approaches to preventing sexual harassment in the workplace.

I am grateful to have had so many positive experiences in the workplace. I worked at my previous company for six and a half years, during a time of tremendous growth in which the company grew from 3,000 to 25,000 employees and became one of the most highly recognized brands in the world. Throughout this time, the focus on culture and community was apparent from the top down and instilled a genuine feeling of family amongst my colleagues and myself. Even after leaving the company a year and a half ago, I still feel it. Four people on my former team became some of my best friends, and I think of my former colleagues as extended family.

So when I discovered that more than a dozen young women – my extended family members – all experienced the predatory behavior of another male colleague through a systematic and premeditated series of inappropriate conversations via an internal company chat tool, I was furious and heartbroken. I discovered this one night at our company’s annual sales conference, where thousands of people in my work family gather each year to connect, learn and grow together. After one of the sessions, I was catching up with friends from other offices when a teammate shared a story about his team dinner from the previous evening…


Online Screening: The Next Frontier of Insider Threat Detection


As more and more of our lives move onto the public web, businesses are becoming aware of the degree to which publicly available online information can help them stay ahead of potential risks. Previously, we discussed how online screening can help organizations manage their mergers and acquisitions. However, as the landscape of risk continues to grow, we’re also seeing companies leverage online screening to prevent insider threats: malicious threats to an organization’s security, data, and computer systems that come from the people within.

Traditionally, businesses have mitigated insider threats by identifying and troubleshooting technical vulnerabilities in the enterprise or responding after the fact. But as more and more employees collaborate with criminal and activist groups, and the cost of the average insider threat reaches $8.7 million per incident, the success of your business can also hinge upon your ability to catch more emotional and qualitative vulnerabilities. How do these “emotional warning signs” indicate a potential attack, and how do you find them before it’s too late?

In this blog, we’ll discuss how employees’ interactions with social media and the public web can lead to costly breaches of information security. From there, we’ll break down the difference between negligent and malicious insiders, and why companies need a sophisticated online screening solution to safeguard themselves from the full set of potential vulnerabilities.


The Rise of the Emotionally Intelligent Enterprise


The last 18 months have been transformative for the way companies do business. As people pushed corporations to adopt new policies through movements such as the global walkouts at Google, companies that were once driven purely by sales and revenue are starting to change. They are beginning to realize that they will need to take a stance on issues such as harassment and bigotry to remain in good standing. In an age where authenticity and accountability are key, empathy has become a driving force for business success.

However, as sexual harassment lawsuits and global anger reach record highs, and headline after headline continues to rock corporations across industries, the fact remains that companies must actively prove to consumers and employees that they care.

Today, employees and customers look to companies to understand where they stand on major social issues. Many businesses have responded to this trend with well-intentioned PR statements around their corporate culture and policy. However, the bar today has been set far higher than before. Customers and employees often feel that companies can’t gauge their emotions and are increasingly frustrated by well-meaning statements with little follow through. That means that to assuage consumer anger and combat a growing possibility of reputational loss, companies need to demonstrate emotional intelligence, not just a political stance.


No More Silos: How People Risk Will Change Your Department in 2019


In the age of social media, anyone can be a journalist. In a recent article about bad employee behaviors gone viral, Erik Deutsch of the LA-based ExcelPR group said that the ability to post anything in real time and make it accessible to the entire world has forced companies to rethink risk management. “If someone was mistreated in a store 15 years ago, they might make a scene and tell their friends, and that would be it,” he says. “Now, they post it online and it can become a sensation.”

As this year’s headlines around workplace harassment, bigotry, and violence suggest, individual departments are struggling to mitigate people-based risk on their own. HR is overwhelmed with paperwork. PR is scrambling to react quickly enough to control the narrative when bad news breaks. Security teams are often ill-prepared to handle allegations that boil down to “he said, she said” disputes. IT is asked to manage a growing set of channels not necessarily optimized for security. The new reality of people risk is exposing major cracks in traditional organizational structures. Unless companies adopt new approaches to people risk management (PRM), it will be increasingly difficult to stay ahead of potential threats.

So what’s on the horizon for people risk management? Moving forward, we will see significant shifts in structure, process, and technology to promote deeper collaboration between HR, risk, digital communications, and IT. While organizations will take a variety of approaches to mitigate these new threats, we predict three general trends…


5 Ways Social Media Behavior Can Create Security Risks


There is increasing awareness among security experts about how social media behaviors can open the door for insider and outsider threats. However, other than an employee posting a direct threat online, it can sometimes be difficult to know what to look for.

When attackers want to penetrate an organization’s security, they look for vulnerabilities. These vulnerabilities may be technical in nature but oftentimes employees themselves can be the weakest links in a security system. The content that employees post on social media can give would-be attackers clues as to who in the organization might be susceptible. At Fama, we’ve worked with numerous organizations to help them interpret potential risk indicators on social media.

5 examples of social media posts that have left organizations vulnerable to an attack:

1. Complaining about security protocols – We’ve seen employees complain online about security measures and even state that they don’t plan on abiding by those measures. In one instance, a government contractor had a policy prohibiting employees from bringing company phones to work. One employee complained on Facebook about the “absurdity” of the rule and joked about not following it. By posting these comments publicly, the employee not only encouraged others to ignore the protocols, but also advertised to potential outside attackers that his phone was a potential path into the organization.

2. Bullying or harassing others online – We unfortunately see public bullying of co-workers on social media. This behavior is obviously unacceptable and hurtful in its own right but it also indicates to outside attackers someone who is potentially hurt, angry or resentful and would have a reason to lash out against the company.

3. Financial desperation – Financial debt is the second leading cause of insiders turning rogue[1]. An employee talking about student loan debt may not be a problem, but when an individual starts talking about financial problems with emotional desperation, it is an indicator that they may be willing to do something extreme.

4. Badmouthing the corporation – While most insider threats are motivated by financial gain, employees who are happy with their jobs and their companies are less likely to take such an extreme step. An employee who talks about hating their job, hating their boss, or calling their company “evil”, is more likely to rationalize self-serving behaviors.

5. Revealing sensitive client information – Revealing privileged information is a problem that you need to know about. When someone seems to talk too freely about clients or corporate IP, even if it’s not a direct privacy breach, it is an indicator that this person is likely to share information that he probably shouldn’t.

Make sure that your organization has clear policies for what is acceptable for your employees to post online. Have a process in place to ensure that those policies are being followed, because a policy with no enforcement might as well not exist. Finally, make sure you have options for how to act in the event a policy is violated, whether it be further training, restrictions, or more serious action steps. We'd love to tell you more about how Fama can work with you to identify these kinds of risks at your organization.

Contact us at [email protected] if you’d like to learn more.

[1] “Insider Threats and the Need for Fast and Directed Response,” SANS Institute, 2016.
