Have Your Security and Compliance Efforts Changed Along with Your Workforce?
In four short years, millennials (born roughly between 1975 and 1995) will make up 50 percent of the workforce. In another five years, they will represent 75 percent. And Generation Z (those born from 1995 to 2015) isn’t far behind.
But do these shifts matter to compliance and security programs – and is there anything different we should be doing?
The short answer is, yes. However, many organizations are doing little to evolve their programs to better connect with employees who are seeking higher-quality content, better engagement, and quick and easy access to information. This was one of the findings of the NAVEX Global’s 2015 Training Benchmark Report.
The preferences I note above are often linked to millennials, but they are not exclusive to that generation. Many employees, regardless of age, would agree that these improvements would benefit everyone. Besides, a quick (but not very scientific) quiz from the Pew Research Center shows that being a millennial is a state of mind, not necessarily a reflection of age.
With cyber risk and cybersecurity top compliance concerns for employers, security and compliance professionals must rethink what they tell employees and how they deliver the messages.
Consider Your Audience
It’s important to take a moment to consider the environment that shaped your employees’ pre-work years. Millennials grew up in an age where technology became an ever-increasing part of their lives, and for the youngest of this generation, they can barely remember a time when technology was not omnipresent.
As a group, millennials have a different view of ethics and compliance, and according to research from the Ethics Resource Center, are at a greater risk of engaging in unethical conduct than those in earlier generations.
When it comes to technology use and abuse, their beliefs are enough to keep security and compliance professionals up at night. Millennials are willing to keep copies of confidential records at a higher rate than other generations – a big concern in today’s world, where our deepest corporate secrets are often in electronic format making them easy to copy, and transmit or remove). Also, millennials feel it’s more acceptable to blog or tweet negatively about employers, and that it’s acceptable to take home a copy of work software for personal use, according to the Ethics Resource Center findings.
Millennials also are more likely to let the ends justify the means. As they’re working through ethical dilemmas and moral challenges, they might not think about the “how” as much as the “what.” And their beliefs about what is good, what is moral, or what is right might not always align with the values of their employer.
Consider How You Are Getting Your Message Out
The next step is to consider how you share information about your culture, policies and expectations with your workforce. If your answer is a tried-and-true one rooted in decades past, it’s time to re-evaluate.
Information about your program and expectations should be easy to understand (well-written, simple and free of legalese) easily accessible (through policy management tools, online compliance portals or native applications) and shared with employees when they’re hired.
On the final point, keep in mind that many employees joining the workforce for the first time may not even be aware that an organization has a code, or policies, or that it can limit and control employee behaviors and use of technology while at work. It’s your job to let them know if you want them to follow your policies.
Consider the Content
Just like the methods you use to deploy the messages, consider carefully the experience you provide to your employees. Ask yourself whether you are proud of the quality of your content, at what points during the employee life cycle is the information shared, and how frequently is it being shared?
If you want to have the greatest impact and help truly mitigate risk for your organization consider the following with respect to your content:
- Make it engaging
- Make it contemporary
- Make it relevant
- Make it personal
- Make it short
- Make it constant
- Consider social and collaborative
In order to meet the needs of a changing workforce, it’s time to evaluate your program and your approach. Do what you can this year to close some of the gaps that have developed over time. Building an effective and powerful compliance program requires vision and innovation. Take the time today to think about what your workplace is going to look like in five to 10 years, and start innovating now.