Restructuring; outsourcing; relocation; mergers and acquisitions help to ensure the survival of many companies. Alongside the legal processes of such changes, their implementation also has to be carefully handled by skilled HR professionals. Managing the communication of change is a key part of maintaining company morale. Although the UK has officially emerged from the recession the chairman of the Institute of Directors has warned that we’re not out of the woods yet and some companies may still be forced to reduce headcount during 2010.
Securing Communications
Understandably, employees who feel threatened with job loss are more susceptible to fuelling company rumours, with the risk of lowering morale and reducing productivity. The Chartered Institute of Personnel and Development (CIPD) states: “Announcement of redundancies will invariably have an adverse impact on morale, motivation and productivity. The negative effects can be reduced by sensitive handling of redundant employees and those remaining.” Demoralised staff may even be tempted to damage the company reputation or leak company IP in an effort to win kudos with potential employers. Microsoft has warned companies that “malicious insider” breaches were one of the most significant threats companies faced. And it can be costly too – a survey by the Ponemon Institute estimated that the average loss from a data breach incident was £1.73 million and internal negligence was the main factor.
Keeping information about company changes confidential and ensuring that sensitive information circulates only among those who need to know is vital. No one can prevent the “water cooler” gossip that gets shared on a one to one basis in every office. However, with the ubiquity of electronic communications and the ease with which emails and Web mails can be forwarded to hundreds and thousands of recipients, the rumour mill just got a whole lot bigger. And it’s global. During company transitions, HR departments have to be able to prevent confidential information from being leaked between departments via email, Webmail, social networks such as Facebook, MySpace and Twitter and instant messages. To achieve this, incorporating your email and Web channels into your acceptable use policies (AUP) and setting up user groups to protect and secure both email and Web communications is vital.
Nip it in the bud
An example of the consequences of not securing internal communications was the large IT hardware manufacturer that suffered widespread loss of morale and decrease in productivity when a negative email from one of its most senior employees was forwarded outside of the initial recipients group and found its way to the inboxes of every employee in the company. Long term staff realised that they would not be receiving a Christmas bonus and overwhelmed HR and department bosses with complaints. Temporary contractors that read the email realised that their contracts would not be extended beyond March and were consequently less than loyal in the remaining three months of their employment at the firm.
A simple security filtering or encryption solution could have isolated that initial email as soon as it was forwarded outside of the intended recipients group. MailMarshal Exchange and MailMarshal Secure Email Server were specifically designed to work with Microsoft Exchange and automatically prevent emails from being shared outside of HR’s specified user groups. The software works with Active Directory to allow HR to define user groups that are able to receive emails that would be restricted from other departments for legal or ethical reasons.
Keyword rules and file type limits can be set within email filtering products to protect your company against inadvertent or deliberate attempts to flout policy on the content of outgoing emails. By using content filtering products and/or encryption solutions that are designed to work with Microsoft Exchange, your HR department can also ensure that internal emails sent within a particular branch, or country, are compliant with that office’s policies on preventing confidential or other inappropriate content being emailed between employees. This avoids confidential information such as payroll, medical or merger and acquisition information from being leaked between employees. As well as protecting your own company employees against the emotional distress that can be caused by gossip and rumour, such filtering can also help your business to comply with requirements of the Data Protection Act, so your staff can confidently email colleagues without worrying that they might be flouting company policy or risking a security breach.
Conclusion
The first rule of any company change is to channel your communications appropriately. An unsubstantiated rumour can cause far more damage than the truth. No one can doubt the sensitivity required of HR professionals during company transitions such as mergers and acquisitions; relocations; or downsizing. Technology on its own can never provide the complete solution to managing positive internal communications. Effective security results from a blend of people, processes and technology. However, by using technology and setting up simple rules that enforce AUPs, rumours can be nipped in the bud and company IP can be secured, to protect companies from the more pernicious effects of the downturn.
Bruce Green is Chief Operating Officer and President International, M86 Security.