Whatever you choose to do, though, the next step needs to be doing everything possible to make sure it doesn’t happen again instead of breathing a sigh of relief that you got your data back and continuing business as usual. That would seem to be the common mistake here.
Don’t make that mistake.
Security pros, where do you fall on the debate on paying or not paying, and does this report change your thinking?
I have heard these findings before and am starting to think about how I can implement some of them. I think I’m going to encourage more check-ins that are off-camera and use my phone to walk around instead of my laptop.
Whether you purchase an LMS or make some other kind of training resource available to your employees, the fact of the matter is that it is expensive to ignore this issue. Your people likely have skill gaps that hinder their work. They want to fill in those gaps through education and grow with your organization, and if you don’t provide that someone else will.
Kudos to McKinsey for the research, but really just for the first line of this paragraph:
“As an employer, you can’t “yoga” your way out of these challenges. Employers who try to improve burnout without addressing toxic behavior are likely to fail. Our survey shows that improving all other organization factors assessed (without addressing toxic behavior) does not meaningfully improve reported levels of burnout symptoms. Yet, when toxic behavior levels are low, each additional intervention contributes to reducing negative outcomes and increasing positive ones.”
Essentially, if you’re not familiar with email threading, the idea is that if a group of people is sending emails back and forth by hitting the Reply button, and the previous email is copied into the body of the previous email, you don’t really have to read each individual email. At some point, later emails have the entire conversation in them. This means that it’s not necessary to read the “lesser included emails” because you already read them as part of the thread. But, the problem Judge Aaron describes is that while the text is there at the end of thread messages, you’re missing important metadata that is unique to the individual message.
As I said, having worked with Teams messages often I have seen this, where a transcript doesn’t have all of the message metadata, especially the time/dates of each message versus the beginning or end of the chat. If you’re creating those transcripts and not including each message in your production, you might be running afoul of your production requirements.
But, as I said, IANAL, so don’t take my word for it, do your own testing.
A good chunk of these breaches are not someone actually trying to steal data, but just someone trying to either make something more easily accessible outside of the office or taking information when they leave related to things like contact information, maybe some documents they’ve written themselves that they want to keep, etc.
It’s likely that these folks aren’t actively trying to commit some sort of corporate espionage, they just aren’t really thinking about what they do. It might just be that the once-per-year required video just isn’t enough to make it top of mind every day.