When was the last time that you sat down at a computer and really thought about computer security?
I’m asking seriously. I don’t mean just a passing thought, I mean really had it top of mind as you worked? If you’re like most workers today, the answer is somewhere between “never” and “infrequently” – we think of computing as a means to an end. In the modern office, it’s the water we swim in – mostly transparent, but omnipresent.
However, cyber threats are running at an all-time high, and everyone is an information worker, touching data that is either critical to the company or the personally identifiable information of another person.
Understanding how that data is used (or abused) is a key part of the defences that employers want to put in place; but this can put them in tension with the employees themselves.
Stepping back a moment, it’s important to see that both groups have entirely legitimate interests.
The company is justifiably concerned with protecting its goods. One hundred years ago, those goods were physical; now they are a collection of ones and zeros, trivially smuggled out on a USB drive, or brazenly uploaded to DropBox.
The employer has both a right and a responsibility to protect the business.
The flipside is that employees have well-founded worries about some of the technology that can be used to secure today’s computers. They feel untrusted, watched, devalued, and above all else, in conflict with the employer when the subject of machine monitoring comes up – even when the stated purpose of that monitoring is not to spy on users, but to protect the very data that is the lifeblood of the company.
What’s a person to do? Both sides have a darn good point. The answer is easy to write, but hard to do. We need to accept that in today’s computing ecosystem there is a “them” and “us”. But it’s not employee vs employer, it’s those who would hurt us, and those that stand by our side.
As employers, we need to change the culture, bringing everyone to the defence. That conversation around the protection of company data and employee privacy is nuanced, complex, and detailed.
It’s going to involve building and maintaining trust and showing respect – real dialogue, not stump speeches. Will it happen in strawman arguments and ultimatums? No. Not at all, and there’s the rub. We have to learn to talk and, more importantly, listen.