TRENDING:

The Expert's View

Workplace Culture Clash

October 8, 2009    

If you're like me and you spend a lot of time sitting in traffic around the D.C. beltway, you've noticed that many drivers are comfortable texting, catching up on phone calls, getting dressed for work, and sometimes even reading behind the wheel. With the new executive order issued Oct. 1, however, there may be a few million fewer people texting behind the wheel.

While this order sets clear standards and expectations for driver safety, it's not clear whether this is in response to a specific event or trend. Is this a preemptive step to reduce hazards posed by younger government employees who have been conditioned to text and chat behind the wheel? Have managers and executives trying to make productive use of down time been responsible for an uptick in traffic accidents? One thing is certain, our constant connectivity has the potential to raise security concerns.

Consider the influx of younger Americans, or millennials, who are entering the federal workforce, looking to integrate their technical ability and know-how into their new environment and responsibilities. While well-intentioned, this approach is not always welcomed into workplace culture. Many high security environments have established rigorous policies governing the use of cell phones, software applications, portable storage media and wireless devices to curb the inadvertent or intentional misuse of sensitive data. This prohibitive environment does not always resonate with a generation that is known to be an always-connected, early adopter of technology.

Social networks are a good example. For most businesses and agencies, social nets are a way to stay connected, informed, and to communicate with like-minded colleagues. From a security perspective, they also present a significant challenge for agencies whose personnel are consistently and aggressively targeted by hostile entities. In the high-security environment, any application that broadens the attack surface will be exploited by adversaries to target staff and military personnel. It's a risk that is too great for some agencies, leading to an outright ban in order to prevent abuse. These types of policies will not be understood by employees who have not been fully indoctrinated into the high security mindset that is required in the classified workplace.

Technology services are tightly integrated with many of our social, personal and professional lives, and workplace policies that prohibit the use of certain technology may be viewed by some as annoying, excessive or old fashioned. Employees may simply disregard, for instance, rules prohibiting the use of personal electronic devices in a classified workspace, or policies restricting the use of file-sharing applications on the enterprise network. Whether you subscribe to this philosophy or not, some employees will simply charge forward, guided by their own individual beliefs, disregarding controls that have been established for the collective good.

Persistent connectivity may also be a hazard for employees who may easily get off-track or distracted during the workday. Whether you are conscious of it or not, if you watch television, browse the Internet or listen to the radio, your cognitive processes have adapted to consume frequent, unrelated and short-duration streams of data. making it difficult for some individuals to focus and concentrate on tasks that require more than just a fleeting moment of attention. Consequently, some employees may get easily off-track or bored with their work - and want to do something else.

Some may term this multi-tasking, but don't be fooled, no matter what it is called, this is a dysfunctional pattern of behavior that will not lead to a productive work effort. The unopened e-mail, unread text message or missed personal call may be too tempting a distraction, leading to the diminished focus on tasks that must be accomplished during the day. Incidents of time and attendance fraud are frequently investigated by federal inspectors general, and managers need to enforce an understanding about how to accurately account for the workday effort on timecards or invoices to prevent or reduce fraud.

These issues aren't insurmountable, and odds are you have seen and dealt with these problems before. To a large degree, many of these issues are consistent with the attitudes and behaviors of new employees who have yet to be assimilated into the institutional security culture. Managers will need to be persistent in instructing and enforcing rules of conduct for employees that are unfamiliar with your business processes and expectations.

Eric M. Fiterman is a former FBI special agent and founder of Methodvue, a consultancy that provides cybersecurity and computer forensics services to the federal government and private businesses.



About the Author




Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.