Strategic Security

 

 

https://sm.asisonline.org/Pages/Running-on-Empty.aspxRunning on EmptyGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-02-01T05:00:00Zhttps://adminsm.asisonline.org/pages/mark-tarallo.aspx, Mark Tarallo<p>​In this age of overload, with organizations trying to do more with less, employees buried in information, and devices that call for round-the-clock urgency, burnout is a malady ripe for our times. Burnout can strike even the most productive workers and the most consistent performers, as well as those who seem to have the greatest capacity for hard work, experts say. </p><p>One reason burnout is such a pernicious problem is that it does not have to be total for its effects to be devastating.</p><p>“Burnout tends to plateau rather than peak,” says Paula Davis-Laack, specialist in burnout prevention programs, founder and CEO of the Stress and Resilience Institute, and author of Addicted To Busy: Your Blueprint for Burnout Prevention. “Burnout exists on a continuum. You don’t have to be completely mentally broken down and barely able to get out of bed to feel major effects.”</p><p>In other words, employees suffering mid-level burnout may still be able to power through and complete an adequate amount of work by sheer force of will, but their partially depleted state greatly hinders their performance and productivity, and it keeps them from realizing their full potential. </p><p>“That can go on for months, or even years, depending on the person’s work ethic,” says management expert Brady Wilson, cofounder of Juice Inc. and author of Beyond Engagement and other business performance books. </p><p>In a field like security, workers can be especially vulnerable to burnout, given the continual pressure and stress that go into protecting people and assets, and the high stakes involved if a breach does occur. </p><p>“Constant job pressure, especially when some of the factors are out of your control like they are with security, is definitely one of the causes of burnout in employees,” says Carlos Morales, vice president of global sales, engineering, and operations at Arbor Networks, which specializes in network security. </p><p>The consequences of burnout are varied; in some cases, they involve serious health issues. Davis-Laack, who became a specialist in the field after burning out as a practicing attorney, says she experienced weekly panic attacks and a few stomachaches that were so painful they sent her to the emergency room. Coronary disease, depression, and alcohol abuse are other possible consequences. </p><p>For the employer, burnout can significantly compromise workplace quality, causing more absenteeism, turnover, accident risk, and cynicism, while lowering morale and commitment and reducing willingness among workers to help others.</p><p>Fortunately, in many cases burnout can either be avoided, with deft management and a supportive organization, or significantly alleviated using various strategic methods. But like most maladies, it must be understood before it can be properly addressed. ​</p><h4>Symptoms and Conditions</h4><p>Burnout occurs when the demands people face on the job outstrip the resources they possess to meet them. Psychologists who study burnout as a condition divide it into it three dimensions: exhaustion, depersonalization, and reduced personal accomplishment.</p><p>When the first aspect—exhaustion—hits, the employee may feel emotionally, physically, and cognitively depleted. This often spurs feelings of diminished powers; challenges that were formerly manageable can seem insurmountable. As Davis-Laack describes her own experience of this condition: “Every curveball seems like a crisis.”</p><p>When depersonalization occurs, an employee may start to feel alienated from his or her own job, and more cynical and resentful toward the organization. Work and its mission lose meaning; feelings of going-through-the-motions increase. Detached and numb, the employee tries to plow ahead. </p><p>Exhaustion and depersonalization often combine to produce the third component of reduced personal accomplishment. As Wilson explains, the depleted employee possesses considerably less “executive function,” or the ability to focus, self-regulate, connect the dots between ideas, strategize, analyze, execute smoothly, and follow through—all of which can be thought of as “the power tools of innovation.” </p><p>“Nuanced thinking and value-added thinking are the first to go when employees are exhausted,” he says. “Instead, they rely on duct-tape fixes, reactivity, firefighting. They don’t get to the root causes of problems and issues.” </p><p>The state of mind that burnout can elicit sometimes leads to self-blame, where the employee feels that he or she is professionally inadequate. But that is unfair, says Davis-Laack: “I don’t want individual workers to feel that it’s all their fault.” </p><p>The root causes of burnout, she explains, are usually a product of what employees bring to the table—work ethic, how closely they tie work to self-worth, their level of perfectionism—and how the organization itself functions, which can be an important factor. </p><p>Understanding key organizational conditions, experts say, will help managers maintain a culture that protects employees from burning out. One of these conditions involves what the organization chooses to reward. </p><p>Wilson explains this as follows. For many years, many organizations stressed the importance of keeping employees engaged. But the definition of engagement has shifted, so that many firms now define engaged workers as those with clear dedication and commitment, who come to work early and stay late. “What’s missing from this definition is passion, enthusiasm, verve, and spirit,” he says. </p><p>When engagement is so defined, increased effort, such as working more hours and taking on more projects, is rewarded. But simply increasing hours at the office does not produce high performance, Wilson says. </p><p>“We get our epiphanies in the shower—we don’t get them when we are determined and gritting our teeth around a board room table. It’s not effort that produces brilliance, it’s energy,” he explains. But sometimes, the more-rewards-for-more-work philosophy can function as an unintentional incentive to burn out.</p><p>The organization’s day-to-day working conditions are also a crucial here. Research has found that two factors can be deadly in sapping an employee’s resources, according to Davis-Laack. </p><p>One is role conflict and ambiguity, which can occur when employees are never clear on exactly what is expected of them, and on what part they should be playing in active projects. “That’s very wearing on people,” she says. </p><p>Another is unfairness, which is often related to office politics. This can include favoritism, failure to recognize contributions, being undermined, or dealing with the demands of never-satisfied supervisors.</p><p>Such stressful conditions push some employees into “gas guzzling” energy mode, because they require so much emotional effort just to cope with them, Wilson says. </p><p>“Substances generated by stress, such as cortisol and adrenaline, have a beautiful utilitarian use—to get us out of trouble, to keep us safe,” he explains. “But we are not as productive when we have a brain that is bathed in those things day in and day out.”  ​</p><h4>Detection</h4><p>Although it is vital for managers to strive to maintain a positive office culture, it’s also important to recognize that burnout can happen even in the healthiest of environments. Given this, Morales encourages attempts at early detection.  </p><p>“As a manager or executive, it is important to first note the factors that tend to cause burnout even before employees begin to show signs,” he says. “This gives you the opportunity to address issues proactively with employees.” </p><p>These factors, he explains, include a very travel-heavy schedule (50 percent or more of total work time); consistently logging work weeks of 60-plus hours; unrelenting expectations of working off-hours and on weekends; and constant deadline time pressure. </p><p>But since early detection is not always successful or even possible in some cases, managers should also be looking for common signs of burnout that their employees might be exhibiting. Morales advises security managers to look for combinations of the following characteristics that are different from usual behaviors:</p><ul><li><p> General lack of energy and enthusiasm around job functions and projects.<br></p></li><li><p> Extreme sensitivity and irritability towards coworkers, management, and work situations.<br></p></li><li><p> Constant signs of stress and anxiety.<br></p></li><li><p>Significant changes in social patterns with coworkers.<br></p></li><li><p>Sharp drop in quantity and timeliness of output.​<br></p></li></ul><p>When looking for signs of burnout, it’s important for a manager to have a high degree of familiarity with the employee in question, a familiarity which is a byproduct of a strong manager-staff relationship. </p><p>“You’ve got to know your people,” Davis-Laack says. “When someone seems more checked out and disengaged than usual, if you know your people well enough, you can spot it.” ​</p><h4>Treatment</h4><p>When it becomes clear that an employee is suffering from burnout, managers have several options for treatment and alleviation, experts say. Morales says he believes that managers must first come to an understanding of the underlying factors, so that they can be addressed.   </p><p>“If there is a workload issue, a manager may be able to spread out the workload with other workers to alleviate the issue,” he says. “It’s important to let the employees know that this is being done to gain more scale, and to reinforce that they are doing a good job.”</p><p>Indeed, crushing workloads are now common in many workplaces, experts say, as many companies are actively cost cutting while attempting to raise productivity and output. And for employees who work with data, such as security employees who use analytics, benchmarks, or some form of metrics, the information explosion is requiring more and more staff hours to keep up with the processing and analysis. Managers must be cognizant of this, Davis-Laack says. </p><p>“If you do nothing but pile work on people—well, people are not robots and they are not computers. They are going to wear out,” she explains.</p><p>To combat this, managers should employ a strategic and honest operations analysis, she advises. The department may be generating more output with increasing workloads, but burnout and turnover risk is also increasing, as is the likelihood of costly mistakes. Is it worth the risk? Hiring additional help or outsourcing some tasks may be cheaper in the long run than the costs due to turnover and errors. </p><p>When a department conducts a strategic review of operations, the focus is often on fixing glitches in process, experts say. A focus on reducing workload is less common, but when it is adopted, it often reveals that certain time-consuming tasks are unnecessary.</p><p>If the burnout is caused by a stressful job function, such as a security position in which the worker is protecting assets of great value, the manager can discuss the situation with the employee and ensure that support is available, Morales says. “This may help them feel less alone or helpless in situations,” he says.   </p><p>Another key strategy for managers is to add extra focus and energy to the resources part of the puzzle, Davis-Laack says. “Help them to build up their energy bank account, so they are not always feeling depleted.” </p><p>She offers five ways for managers to do so:  </p><ul><li><p> Maintain and ensure high-quality relationships between managers and staff members, and between team members themselves. This fosters a healthy and safe environment where problems can be discussed and addressed.  <br></p></li><li><p> Whenever possible, give team members some decision authority. This gives them a sense of autonomy and strength when dealing with issues, and helps avoid feelings of powerlessness. <br></p></li><li><p> Follow the FAST system of respectful feedback—give frequent, accurate, specific, and timely feedback. This helps employees make tweaks and adjustments, and lets them know they are on the right course.  <br></p></li><li><p> Demonstrate that you have the employees’ backs, and always be willing to go to bat for them. Don’t point fingers or complain to higher ups when mistakes are made. This is crucial in building trust.  <br></p></li><li><p> Identify and encourage skills that will help your team members build resilience. These will vary depending on the specific job and situation, but include any skill or resource that can be used when challenges arise, as well as those that help manage stress.  ​<br></p></li></ul><p>In working toward the previous point, managers may want to brainstorm with staff to find ways to make everyone more resourceful. For instance, managers could periodically check in with staff members to determine the team’s overall level of resources, so they can replenish them when they’re low.</p><p>Indeed, soliciting solutions from staff is an excellent practice for managers, because it shows they are partnering with employees, not parenting them, Wilson says. The parenting style of management assumes that the manager has knowledge that the worker will never have, and it sets up the employee for helplessness. The partnering style cultivates the employees’ decision-making skills, so they can skillfully meet their own needs. ​</p><h4>Touchy Subject</h4><p>Burnout can be a sensitive subject. Some workers attach great self-worth to their productivity and performance, and do not like to concede that they are struggling. </p><p>“It is very difficult for some high performers to admit that their engagement is lacking. There’s a sense of judgment associated with that,” Wilson says. </p><p>Some of these workers truly are burned out despite their failure to admit it, and they may be in a precarious state. “I have seen cases where the hardest and most productive workers will not admit to burnout,” Morales says. “In these situations, burnout occurs quite suddenly, without many of the behavioral warning signs.”</p><p>Other employees fear that admitting burnout is disclosing a weakness, one that could prevent them from future promotions or ultimately cost them their job. “They like their work and they don’t want to change jobs, or </p><p>they can’t change jobs because they have monetary obligations,” Davis-Laack says. </p><p>Here, management can go a long way by being proactive and soliciting feedback from workers regarding their state of mind. “It’s important to have regular discussions with employees about the impact of the workload on them personally, and give them every opportunity to talk through their situation, and vent if necessary,” Morales says. “It’s important for management to recognize the potential for burnout and approach employees proactively to discuss it. It provides employees a safe environment in which to talk through the situation.”</p><p>In these situations, a manager can approach an employee with a proactive goal—how can workload and workplace environment be shaped so that the employee is energized in the office, and still has energy left at the end of the day and on weekends for a life outside of work, Wilson explains.  </p><p>Using this framework, Wilson adds that it is often easier for the manager to then ask, “What’s getting in the way of that? Is it bureaucratic interference? Is there too much on your plate? Is there bullying going on, or other workplace environment problems?”  ​</p><h4>More Recognition</h4><p>But while burnout is still a sensitive subject among some workers, there is also a growing recognition that it is a serious issue that needs to be dealt with, experts say. This may be partly driven by recent research in fields like healthcare and finance, where findings suggest that burnout and overwork are causing costly mistakes that are detrimental to a company’s bottom line. </p><p>Moreover, more business leaders see that the problem, if left unchecked, will just get worse in the future, due to factors such as globalization and a web of technology that is becoming more and more complex. “The perfect storm is upon us,” Wilson says.</p><p>Davis-Laack says she is heartened by the fact that the burnout issue, which was frequently dismissed as too “soft” to be a subject at business conferences, is appearing on more agendas. </p><p>“It’s finally starting to get attention across different professions and different sectors,” she says. “Managers are taking it more seriously.” ​​</p>

 

 

https://sm.asisonline.org/Pages/SM-Online-February-2017.aspx2017-02-01T05:00:00ZSM Online February 2017
https://sm.asisonline.org/Pages/Trade-Secrets-2.0.aspx2017-02-01T05:00:00ZTrade Secrets 2.0
https://sm.asisonline.org/Pages/Book-Review---Secrets.aspx2017-01-01T05:00:00ZBook Review: Secrets

 

 

https://sm.asisonline.org/Pages/Running-on-Empty.aspx2017-02-01T05:00:00ZRunning on Empty
https://sm.asisonline.org/Pages/Editor's-Note---Interaction.aspx2017-02-01T05:00:00ZEditor's Note: Interaction
https://sm.asisonline.org/Pages/ASIS-News-February-2017.aspx2017-02-01T05:00:00ZJack Lichtenstein Leaves ASIS, Offers Insights on Trump

 

 

https://sm.asisonline.org/Pages/The-Road-to-Resilience.aspx2017-02-01T05:00:00ZThe Road to Resilience
https://sm.asisonline.org/Pages/Silencing-False-Alarms.aspx2016-12-06T05:00:00ZSilencing False Alarms
https://sm.asisonline.org/Pages/Playing-Clean.aspx2016-12-01T05:00:00ZPlaying Clean

 

 

https://sm.asisonline.org/Pages/The-Road-to-Resilience.aspx2017-02-01T05:00:00ZThe Road to Resilience
https://sm.asisonline.org/Pages/World-Water-Woes.aspx2017-01-01T05:00:00ZWorld Water Woes
https://sm.asisonline.org/Pages/Reducción-de-la-Violencia-en-América-Latina.aspx2016-10-11T04:00:00ZReducción de la Violencia en América Latina

 

 

https://sm.asisonline.org/Pages/SM-Online-March-2017.aspx2017-03-01T05:00:00ZSM Online March 2017
https://sm.asisonline.org/Pages/Legal-Report-March-2017.aspx2017-03-01T05:00:00ZLegal Report March 2017
https://sm.asisonline.org/Pages/Legal-Report-February-2017.aspx2017-02-01T05:00:00ZLegal Report February 2017

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Running-on-Empty.aspxRunning on Empty<p>​In this age of overload, with organizations trying to do more with less, employees buried in information, and devices that call for round-the-clock urgency, burnout is a malady ripe for our times. Burnout can strike even the most productive workers and the most consistent performers, as well as those who seem to have the greatest capacity for hard work, experts say. </p><p>One reason burnout is such a pernicious problem is that it does not have to be total for its effects to be devastating.</p><p>“Burnout tends to plateau rather than peak,” says Paula Davis-Laack, specialist in burnout prevention programs, founder and CEO of the Stress and Resilience Institute, and author of Addicted To Busy: Your Blueprint for Burnout Prevention. “Burnout exists on a continuum. You don’t have to be completely mentally broken down and barely able to get out of bed to feel major effects.”</p><p>In other words, employees suffering mid-level burnout may still be able to power through and complete an adequate amount of work by sheer force of will, but their partially depleted state greatly hinders their performance and productivity, and it keeps them from realizing their full potential. </p><p>“That can go on for months, or even years, depending on the person’s work ethic,” says management expert Brady Wilson, cofounder of Juice Inc. and author of Beyond Engagement and other business performance books. </p><p>In a field like security, workers can be especially vulnerable to burnout, given the continual pressure and stress that go into protecting people and assets, and the high stakes involved if a breach does occur. </p><p>“Constant job pressure, especially when some of the factors are out of your control like they are with security, is definitely one of the causes of burnout in employees,” says Carlos Morales, vice president of global sales, engineering, and operations at Arbor Networks, which specializes in network security. </p><p>The consequences of burnout are varied; in some cases, they involve serious health issues. Davis-Laack, who became a specialist in the field after burning out as a practicing attorney, says she experienced weekly panic attacks and a few stomachaches that were so painful they sent her to the emergency room. Coronary disease, depression, and alcohol abuse are other possible consequences. </p><p>For the employer, burnout can significantly compromise workplace quality, causing more absenteeism, turnover, accident risk, and cynicism, while lowering morale and commitment and reducing willingness among workers to help others.</p><p>Fortunately, in many cases burnout can either be avoided, with deft management and a supportive organization, or significantly alleviated using various strategic methods. But like most maladies, it must be understood before it can be properly addressed. ​</p><h4>Symptoms and Conditions</h4><p>Burnout occurs when the demands people face on the job outstrip the resources they possess to meet them. Psychologists who study burnout as a condition divide it into it three dimensions: exhaustion, depersonalization, and reduced personal accomplishment.</p><p>When the first aspect—exhaustion—hits, the employee may feel emotionally, physically, and cognitively depleted. This often spurs feelings of diminished powers; challenges that were formerly manageable can seem insurmountable. As Davis-Laack describes her own experience of this condition: “Every curveball seems like a crisis.”</p><p>When depersonalization occurs, an employee may start to feel alienated from his or her own job, and more cynical and resentful toward the organization. Work and its mission lose meaning; feelings of going-through-the-motions increase. Detached and numb, the employee tries to plow ahead. </p><p>Exhaustion and depersonalization often combine to produce the third component of reduced personal accomplishment. As Wilson explains, the depleted employee possesses considerably less “executive function,” or the ability to focus, self-regulate, connect the dots between ideas, strategize, analyze, execute smoothly, and follow through—all of which can be thought of as “the power tools of innovation.” </p><p>“Nuanced thinking and value-added thinking are the first to go when employees are exhausted,” he says. “Instead, they rely on duct-tape fixes, reactivity, firefighting. They don’t get to the root causes of problems and issues.” </p><p>The state of mind that burnout can elicit sometimes leads to self-blame, where the employee feels that he or she is professionally inadequate. But that is unfair, says Davis-Laack: “I don’t want individual workers to feel that it’s all their fault.” </p><p>The root causes of burnout, she explains, are usually a product of what employees bring to the table—work ethic, how closely they tie work to self-worth, their level of perfectionism—and how the organization itself functions, which can be an important factor. </p><p>Understanding key organizational conditions, experts say, will help managers maintain a culture that protects employees from burning out. One of these conditions involves what the organization chooses to reward. </p><p>Wilson explains this as follows. For many years, many organizations stressed the importance of keeping employees engaged. But the definition of engagement has shifted, so that many firms now define engaged workers as those with clear dedication and commitment, who come to work early and stay late. “What’s missing from this definition is passion, enthusiasm, verve, and spirit,” he says. </p><p>When engagement is so defined, increased effort, such as working more hours and taking on more projects, is rewarded. But simply increasing hours at the office does not produce high performance, Wilson says. </p><p>“We get our epiphanies in the shower—we don’t get them when we are determined and gritting our teeth around a board room table. It’s not effort that produces brilliance, it’s energy,” he explains. But sometimes, the more-rewards-for-more-work philosophy can function as an unintentional incentive to burn out.</p><p>The organization’s day-to-day working conditions are also a crucial here. Research has found that two factors can be deadly in sapping an employee’s resources, according to Davis-Laack. </p><p>One is role conflict and ambiguity, which can occur when employees are never clear on exactly what is expected of them, and on what part they should be playing in active projects. “That’s very wearing on people,” she says. </p><p>Another is unfairness, which is often related to office politics. This can include favoritism, failure to recognize contributions, being undermined, or dealing with the demands of never-satisfied supervisors.</p><p>Such stressful conditions push some employees into “gas guzzling” energy mode, because they require so much emotional effort just to cope with them, Wilson says. </p><p>“Substances generated by stress, such as cortisol and adrenaline, have a beautiful utilitarian use—to get us out of trouble, to keep us safe,” he explains. “But we are not as productive when we have a brain that is bathed in those things day in and day out.”  ​</p><h4>Detection</h4><p>Although it is vital for managers to strive to maintain a positive office culture, it’s also important to recognize that burnout can happen even in the healthiest of environments. Given this, Morales encourages attempts at early detection.  </p><p>“As a manager or executive, it is important to first note the factors that tend to cause burnout even before employees begin to show signs,” he says. “This gives you the opportunity to address issues proactively with employees.” </p><p>These factors, he explains, include a very travel-heavy schedule (50 percent or more of total work time); consistently logging work weeks of 60-plus hours; unrelenting expectations of working off-hours and on weekends; and constant deadline time pressure. </p><p>But since early detection is not always successful or even possible in some cases, managers should also be looking for common signs of burnout that their employees might be exhibiting. Morales advises security managers to look for combinations of the following characteristics that are different from usual behaviors:</p><ul><li><p> General lack of energy and enthusiasm around job functions and projects.<br></p></li><li><p> Extreme sensitivity and irritability towards coworkers, management, and work situations.<br></p></li><li><p> Constant signs of stress and anxiety.<br></p></li><li><p>Significant changes in social patterns with coworkers.<br></p></li><li><p>Sharp drop in quantity and timeliness of output.​<br></p></li></ul><p>When looking for signs of burnout, it’s important for a manager to have a high degree of familiarity with the employee in question, a familiarity which is a byproduct of a strong manager-staff relationship. </p><p>“You’ve got to know your people,” Davis-Laack says. “When someone seems more checked out and disengaged than usual, if you know your people well enough, you can spot it.” ​</p><h4>Treatment</h4><p>When it becomes clear that an employee is suffering from burnout, managers have several options for treatment and alleviation, experts say. Morales says he believes that managers must first come to an understanding of the underlying factors, so that they can be addressed.   </p><p>“If there is a workload issue, a manager may be able to spread out the workload with other workers to alleviate the issue,” he says. “It’s important to let the employees know that this is being done to gain more scale, and to reinforce that they are doing a good job.”</p><p>Indeed, crushing workloads are now common in many workplaces, experts say, as many companies are actively cost cutting while attempting to raise productivity and output. And for employees who work with data, such as security employees who use analytics, benchmarks, or some form of metrics, the information explosion is requiring more and more staff hours to keep up with the processing and analysis. Managers must be cognizant of this, Davis-Laack says. </p><p>“If you do nothing but pile work on people—well, people are not robots and they are not computers. They are going to wear out,” she explains.</p><p>To combat this, managers should employ a strategic and honest operations analysis, she advises. The department may be generating more output with increasing workloads, but burnout and turnover risk is also increasing, as is the likelihood of costly mistakes. Is it worth the risk? Hiring additional help or outsourcing some tasks may be cheaper in the long run than the costs due to turnover and errors. </p><p>When a department conducts a strategic review of operations, the focus is often on fixing glitches in process, experts say. A focus on reducing workload is less common, but when it is adopted, it often reveals that certain time-consuming tasks are unnecessary.</p><p>If the burnout is caused by a stressful job function, such as a security position in which the worker is protecting assets of great value, the manager can discuss the situation with the employee and ensure that support is available, Morales says. “This may help them feel less alone or helpless in situations,” he says.   </p><p>Another key strategy for managers is to add extra focus and energy to the resources part of the puzzle, Davis-Laack says. “Help them to build up their energy bank account, so they are not always feeling depleted.” </p><p>She offers five ways for managers to do so:  </p><ul><li><p> Maintain and ensure high-quality relationships between managers and staff members, and between team members themselves. This fosters a healthy and safe environment where problems can be discussed and addressed.  <br></p></li><li><p> Whenever possible, give team members some decision authority. This gives them a sense of autonomy and strength when dealing with issues, and helps avoid feelings of powerlessness. <br></p></li><li><p> Follow the FAST system of respectful feedback—give frequent, accurate, specific, and timely feedback. This helps employees make tweaks and adjustments, and lets them know they are on the right course.  <br></p></li><li><p> Demonstrate that you have the employees’ backs, and always be willing to go to bat for them. Don’t point fingers or complain to higher ups when mistakes are made. This is crucial in building trust.  <br></p></li><li><p> Identify and encourage skills that will help your team members build resilience. These will vary depending on the specific job and situation, but include any skill or resource that can be used when challenges arise, as well as those that help manage stress.  ​<br></p></li></ul><p>In working toward the previous point, managers may want to brainstorm with staff to find ways to make everyone more resourceful. For instance, managers could periodically check in with staff members to determine the team’s overall level of resources, so they can replenish them when they’re low.</p><p>Indeed, soliciting solutions from staff is an excellent practice for managers, because it shows they are partnering with employees, not parenting them, Wilson says. The parenting style of management assumes that the manager has knowledge that the worker will never have, and it sets up the employee for helplessness. The partnering style cultivates the employees’ decision-making skills, so they can skillfully meet their own needs. ​</p><h4>Touchy Subject</h4><p>Burnout can be a sensitive subject. Some workers attach great self-worth to their productivity and performance, and do not like to concede that they are struggling. </p><p>“It is very difficult for some high performers to admit that their engagement is lacking. There’s a sense of judgment associated with that,” Wilson says. </p><p>Some of these workers truly are burned out despite their failure to admit it, and they may be in a precarious state. “I have seen cases where the hardest and most productive workers will not admit to burnout,” Morales says. “In these situations, burnout occurs quite suddenly, without many of the behavioral warning signs.”</p><p>Other employees fear that admitting burnout is disclosing a weakness, one that could prevent them from future promotions or ultimately cost them their job. “They like their work and they don’t want to change jobs, or </p><p>they can’t change jobs because they have monetary obligations,” Davis-Laack says. </p><p>Here, management can go a long way by being proactive and soliciting feedback from workers regarding their state of mind. “It’s important to have regular discussions with employees about the impact of the workload on them personally, and give them every opportunity to talk through their situation, and vent if necessary,” Morales says. “It’s important for management to recognize the potential for burnout and approach employees proactively to discuss it. It provides employees a safe environment in which to talk through the situation.”</p><p>In these situations, a manager can approach an employee with a proactive goal—how can workload and workplace environment be shaped so that the employee is energized in the office, and still has energy left at the end of the day and on weekends for a life outside of work, Wilson explains.  </p><p>Using this framework, Wilson adds that it is often easier for the manager to then ask, “What’s getting in the way of that? Is it bureaucratic interference? Is there too much on your plate? Is there bullying going on, or other workplace environment problems?”  ​</p><h4>More Recognition</h4><p>But while burnout is still a sensitive subject among some workers, there is also a growing recognition that it is a serious issue that needs to be dealt with, experts say. This may be partly driven by recent research in fields like healthcare and finance, where findings suggest that burnout and overwork are causing costly mistakes that are detrimental to a company’s bottom line. </p><p>Moreover, more business leaders see that the problem, if left unchecked, will just get worse in the future, due to factors such as globalization and a web of technology that is becoming more and more complex. “The perfect storm is upon us,” Wilson says.</p><p>Davis-Laack says she is heartened by the fact that the burnout issue, which was frequently dismissed as too “soft” to be a subject at business conferences, is appearing on more agendas. </p><p>“It’s finally starting to get attention across different professions and different sectors,” she says. “Managers are taking it more seriously.” ​​</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/SM-Online-February-2017.aspxSM Online February 2017<h4>​BOTNETS</h4><p>The Mirai botnet has been used to launch Distributed Denial of Service (DDoS) attacks with widespread ramifications. Made up of at least 500,000 Internet of Things devices, including Internet-enabled digital video recorders, surveillance cameras, and other embedded devices, the botnet serves as the basis of an ongoing DDoS-for-hire service, which allows attackers to pay a fee to use the botnet to attack the ta​rget of their choice. Higher concentrations of Mirai nodes were observed in China, Hong Kong, Macau, Vietnam, Taiwan, South Korea, Thailand, Indonesia, Brazil, and Spain, according to a<a href="https://www.arbornetworks.com/blog/asert/mirai-iot-botnet-description-ddos-attack-mitigation/" target="_blank"> threat intelligence report by Arbor Networks.​</a></p><h4>DRIVERLESS CARS​</h4><p>In hopes of jumpstarting the development of driverless cars—known as highly automated vehicles (HAVs) in industry parlance—U.S. officials have released <a href="https://www.transportation.gov/AV/federal-automated-vehicles-policy-september-2016" target="_blank">new guidelines ​</a>for operating the vehicles safely and securely. </p><h4>FACIAL RECOGNITION</h4><p>The <a href="http://www.gao.gov/products/GAO-16-267" target="_blank">U.S. Government Accountability Office​</a> reports on the privacy and accuracy of two FBI programs that use facial recognition technology to search a database of 64 million Americans’ images and fingerprints.</p><h4>CYBERSECURITY</h4><p>China passed a <a href="https://www.hrw.org/news/2016/11/06/china-abusive-cybersecurity-law-set-be-passed" target="_blank">controversial cybersecurity bill​</a> that effectively makes it illegal for users to go online anonymously, among other provisions. The law requires companies to verify users’ identities by collecting users’ real names and personal information. </p><h4>INAUGURATION</h4><p>Listen to a special<em> Security Management</em> podcast about the U.S. Presidential Inauguration.</p><h4>RADIOACTIVE MATERIALS</h4><p>Researchers from the U.S. Government Accountability Office (GAO) <a href="http://www.gao.gov/assets/680/678170.pdf" target="_blank">went undercover</a> and were able to buy radioactive material through a fake company, revealing weaknesses in nuclear material regulations. A <a href="http://gao.gov/products/GAO-12-473T" target="_blank">2012 GAO report​</a> found weaknesses in the way medical facilities handled radioactive material; these findings led to changes in the way this material is handled.</p><h4>SURVEILLANCE</h4><p>The United Kingdom enacted legislation dubbed the <a href="http://www.publications.parliament.uk/pa/bills/lbill/2016-2017/0066/17066.pdf" target="_blank">“Snooper’s Charter”​</a> that gives the government widespread powers to spy on citizens and limit the use of encryption.</p><h4>MONITORING</h4><p><a href="http://law.justia.com/cases/federal/appellate-courts/ca7/15-3756/15-3756-2016-10-31.html" target="_blank">A U.S. appellate court decided </a>that a rule requiring electronic logging devices to monitor truck driver compliance doesn’t violate the Fourth Amendment. </p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Trade-Secrets-2.0.aspxTrade Secrets 2.0<p>​The enactment of the Defend Trade Secrets Act (DTSA) of 2016 in the United States creates a new paradigm and is a watershed event in intellectual property law. U.S. President Barack Obama signed the bill into law on May 11, 2016, and the DTSA now applies to any misappropriation that occurred on or after that date.</p><p>A trade secret is any technical or nontechnical information that can be used in the operation of a business or other enterprise and that is sufficiently valuable and secret to afford an actual or potential economic advantage over others.</p><p>The law allows trade secret owners to file a civil action in a U.S. district court for trade secret misappropriation related to a product or service in interstate or foreign commerce. The term “owner” is a defined statutory term. It means “the person or entity in whom or in which rightful legal or equitable title to, or license in, the trade secret is reposed,” according to the DTSA.</p><p>Under the DTSA, in extraordinary circumstances, a trade secret owner can apply for and a court may grant an ex parte seizure order (allowing property to be seized, such as a computer that a stolen trade secret might be saved on) to prevent a stolen trade secret from being disseminated.</p><p>With this development in the law, trade secret assets are no longer stepchild intellectual property rights. Trade secret assets are now on the same playing field as patents, copyrights, and trademarks. The DTSA reinforces that a trade secret asset is a property asset by creating this new federal civil cause of action.</p><p>And there is no preemption. The U.S. district courts have original jurisdiction over a DTSA civil cause of action, which coexists with a private civil cause of action under the Uniform Trade Secrets Act (UTSA). The UTSA—most recently amended in 1985—codified common law standards and remedies for trade secret misappropriation at the state level.</p><p>The DTSA also coexists with criminal prosecutions under the U.S. Economic Espionage Act of 1996 (EEA), which makes it a federal crime to steal or misappropriate commercial trade secrets with the intention to benefit a foreign power.​</p><h4>What the DTSA Means</h4><p>A trade secret asset must be managed like other property assets. However, trade secret asset management differs because it first requires the identification of the alleged trade secret asset. Because millions of bits of information within a company can qualify as proprietary trade secrets, it is critical to classify and rank trade secret assets.</p><p>Most companies focus on the protection phase of trade secret asset management without first identifying and classifying their trade secrets. This approach is doomed to fail without a thorough analysis. Unless the company knows what it’s protecting, there can be no effective protection. And all three phases—identification, classification, and protection—must occur before an accurate valuation of trade secret assets can be determined.</p><p><strong>Proof. </strong>Additionally, information assets must be validated in a court of law as statutory trade secret assets. There is no public registry for trade secret assets. The courts require proof of four things: existence, ownership, notice, and access. </p><p>The first element requires proof of existence of the trade secret asset. The litmus test for proving the existence of a trade secret has six factors: the extent to which the information is known outside the business; the extent to which the information is known inside the business; the extent of measures taken to guard the secrecy of the information; the value of the information to the business and to competitors; the amount of time, effort, and money expended to develop the information; and the ease or difficulty with which the information could be properly acquired or duplicated by others.</p><p>The plaintiff must show that he or she owns the trade secret. A misappropriator cannot be the owner of a trade secret.</p><p>However, a person who independently develops or independently reverse engineers the trade secret can be the owner of the trade secret. By using reverse engineering, an employee who has not been granted intellectual property rights in the trade secret asset may also be the lawful owner—instead of the employer.</p><p>For proof of notice, the plaintiff must show that the defendants had actual, constructive, or implied notice of the alleged trade secret. A former employee may use his or her general knowledge, skills, and experience. However, a former employee may not disclose or use the trade secrets of the former employer. Also, the former employer is prohibited from claiming that “everything we do is a trade secret.”</p><p>The court will take judicial notice that there is both unprotected and protected trade secret information in every company. If the line is unclear, the court will draw the line in favor of the former employee. </p><p>For proof of access, the plaintiff must prove that the defendant had access to the alleged trade secret. If the evidence shows that the defendant never had direct or indirect access to the trade secret, and there is no conspiracy claim, there cannot be misappropriation. This is because misappropriation requires proof of unauthorized acquisition, disclosure, or use of the trade secret by the alleged trade secret thief.</p><p><strong>Protection. </strong>The DTSA also requires that the trade secret owner take reasonable measures to protect the secrecy of trade secret assets. This is a much more challenging task today because trade secret assets are no longer at rest in a locked file cabinet in an engineer’s office. Today, trade secrets are in motion and in use via computer systems and networks with access points all over the world.</p><p>Companies must actively monitor the access and movement of critical trade secret assets throughout the corporate enterprise, or risk the serious consequences of forfeiting trade secret assets by failing to take the reasonable efforts necessary to protect these assets.</p><p>The point is illustrated by U.S. v. Lee (U.S. District Court for the Northern District of Illinois, 2009). A 52-year-old senior scientist, David Yen Lee, suddenly resigned from his job at Valspar on March 19, 2009, and bought a one-way ticket to Shanghai, scheduled to leave on March 27.</p><p>One of Lee’s coworkers discovered irregularities in Lee’s work computer. Upon further investigation, an unauthorized program called “Sync Toy” was uncovered in invisible Windows files. It showed that Lee downloaded 44 gigabytes of paint and coating formulas, product and raw material data, sales and cost data, and product development and test information.</p><p>The FBI was informed and brought in to investigate. The bureau raided Lee’s apartment and recovered the stolen trade secret assets before Lee’s flight left for Shanghai. Valspar’s security readiness was directed to protection against outside intrusions. However, there was little security in place to guard against trade secret theft by insiders and trusted employees. </p><p>To mitigate against future insider theft, Valspar set up an internal identification and classification system for trade secrets called the CPR (classify, protect, report) model. Valspar now tracks the movement of all critical trade secret assets within the various computer environments with triggers that are activated if unauthorized activities are detected.</p><p>The reasonable measures necessary for the protection of trade secret assets continues to grow as the risk of sensitive data loss increases by various means: unauthorized uploading of trade secret assets to an insecure cloud or Web application; unauthorized email communications disclosing trade secret information; unauthorized acquisition of highly classified trade secret assets onto USB drives; and undetected incoming malware, phishing emails, and corrupted Web software all facilitate foreign economic espionage and theft of corporate trade secret assets.</p><p><strong>Seizures. </strong>Companies cannot take advantage of the DTSA’s powerful seizure provisions unless effective trade secret asset management protocols are in place before the actual or threatened misappropriation occurs.</p><p>First, the owner must demonstrate, in a sworn affidavit or a verified complaint, that the ex parte seizure order is necessary and that a temporary restraining order is inadequate. Second, that immediate and irreparable injury will occur if the seizure is not ordered. Third, that the person the seizure would be ordered against has possession of the trade secret and property that is to be seized.</p><p>Once the ex parte seizure order is granted, the court must take custody of and secure the seized property and hold a seizure hearing within seven days. Individuals can also file a motion to have the seized material encrypted.</p><p>A court can issue an ex parte seizure order, according to the DTSA, “in extraordinary circumstances” to “prevent the propagation or dissemination of the trade secret” or to “preserve evidence.”</p><p>These circumstances exist when a trade secret thief is attempting to flee the country, if he or she is planning to disclose the trade secret to a third party, or if it can be shown that he or she will not comply with court orders. </p><p>The Valspar case is an excellent example of the necessity for ex parte seizure orders. However, the FBI will not always be there, and the window of time to protect against the loss of trade secret assets and destruction of the evidence will often be shorter than the eight-day period in the Valspar case. This is why a DTSA civil cause of action and an ex parte seizure order are so important to protect U.S. trade secret assets.</p><p>The protection of trade secret assets in these circumstances requires emergency actions. Once lost, a trade secret is lost forever. The DTSA requires that the trade secret Owner file suit, and provide verified pleadings and affidavits to successfully obtain a DTSA ex parte seizure order before the de­f­en­dants know the suit has been filed. </p><p>Otherwise, without the element of surprise, the defendants—often with several clicks of a computer mouse—can transfer the trade secrets outside the country and destroy the evidence of trade secret theft by running data and file destruction software.</p><p>Therefore, to take advantage of the robust provisions of the DTSA, the trade secret owner must be able to move faster than the trade secret thief. This will require that companies develop internal trade secret asset management policies, practices, and procedures. </p><p>The DTSA creates a new paradigm. If management waits until the trade secret theft occurs to identify what the trade secret is and investigate the evidence of misappropriation, the actual trade secret assets will be long gone before counsel can provide the U.S. district court with the proof necessary to obtain an ex parte seizure order.</p><p>The result: if the losses from the trade secret theft are severe, both the board of directors and senior executives of the company can be charged with malfeasance, including the willful failure to take reasonable measures to protect the corporate trade secret assets from insider theft or foreign economic espionage.​</p><h4>DTSA Application</h4><p>What are the next steps in view of the DTSA? Every organization is different. There are no one-size-fits-all solutions. Each trade secret asset manager must audit existing approaches to protecting trade secret assets, the resource allocations within the organization, and any budgeting issues with protecting trade secrets.</p><p>A fundamental first step should be the creation of An internal trade secret control committee (TSCC). The TSCC should be charged with the responsibility to adopt policies and procedures for the identification, classification, protection, and valuation of the company’s trade secret assets.</p><p>The next step should be the creation of an internal trade secret registry (TSR). This is a trade secret asset management system that can be deployed as a cloud-based solution, on a corporate server, or on a standalone work station. </p><p>The TSR should operate like a library card catalog storing necessary trade secret asset information with hash codes and block chaining (a database that sequences bits of encrypted information—blocks—with a key that applies to the entire database) to ensure the authenticity of the data stored in the TSR and to meet the required evidentiary standards in a trade secret misappropriation lawsuit.</p><p>Another necessary step is trade secret asset classification, the foundation of a successful trade secret asset management program. Asset classification allows trade secret assets to be identified and ranked, so that the level of security matches the level of importance of the trade secret asset. There are now automated trade secret asset management tools available to assist companies with the classification and ranking of trade secret assets.</p><p>Security, without identification and classification, is doomed to fail. In contrast, securing data after identification and classification of the trade secret assets makes it much easier for the internal security ecosystem to enforce trade secret protection policies and to prohibit unauthorized access, disclosure, or use.</p><p>Today, software tools can protect the company from mistakes that lead to the forfeiture of classified trade secret assets. If a user attempts to email a trade secret document to unauthorized recipients, the software program will immediately alert the user so the mistake can be corrected. Further, classified trade secret assets can be monitored. Administrators can track abnormal or risky behavior that otherwise cannot be tracked until the trade secret is compromised.</p><p>Developing a trade secret incident response plan (TSIRP) is another critical requirement. The flow of trade secret assets throughout the corporate enterprise should be tracked with built-in red flags, designed to trigger the TSIRP and notify outside counsel to proceed immediately to the courthouse to seek a DTSA ex parte seizure order before the bad actors can destroy the evidence or transfer the stolen trade secret assets outside the court’s jurisdiction.​</p><h4>Employee Management</h4><p>There are other best practices for trade secret assets now that companies are focusing on the various stages of identification, classification, protection, and valuation.</p><p>Building a trade secret culture from the top down, with required training and compliance with TSCC policies, practices, and procedures, is at the top of the list. Companies must promote a trade secret culture by prompting employees and users to stop, think, and consider the business value of proprietary, internal information they are creating, handling, and reviewing.</p><p>The new employee hiring process should include an investigation and certification by the new employee that no proprietary trade secret information of any previous employer is being brought to the company or is being stored electronically in his or her personal email system or other electronic storage locations.</p><p>The prospective new employee should sign an employment agreement with patent and trade secret assignment provisions. He or she should also receive and review the company’s required trade secret policies and procedures.</p><p>When an employee leaves the company, off-boarding procedures should include a mandatory trade secret exit interview. The interview should be conducted under strict procedures adopted by the TSCC, including execution of a trade secret acknowledgement at the conclusion of the interview certifying that all company devices, documents, and materials, including electronic copies, paper copies, and physical embodiments have been returned. It should also certify that all proprietary and confidential information, stored on any personal computer or mobile device, has been identified and preserved, returned, or deleted under the company’s instructions.</p><p>The enactment of the DTSA will usher in a new era. It requires trade secret owners to identify, classify, and protect trade secret assets as property assets. In time, the DTSA will become a precursor for new accounting systems that will provide valuations for trade secret property assets.  </p><p>--<br></p><p><em><strong>R. Mark Halligan</strong>, partner at FisherBroyles LLP, is recognized as one of the leading lawyers in trade secrets litigation in the United States by Legal 500 and Chambers USA: America’s Leading Lawyers for Business. He is also the lead author of the Defend Trade Secrets Act of 2016 Handbook and coauthor of Trade Secret Asset Management 2016: A Guide to Information Asset Management Including the Defend Trade Secrets Act of 2016.  ​</em></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465