CSO/Leadership

 

 

https://adminsm.asisonline.org/Pages/Bully-Bosses-Can-Inflict-More-Damage-with-Negative-References.aspxBully Bosses Can Inflict More Damage with Negative ReferencesGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652018-05-17T04:00:00Zhttp://shrm.org, SHRM.org<p>​Employees trying to escape a bullying boss, and even those who have managed to land a new position, may be surprised to learn that their workplace nemesis is causing further damage by providing negative job references.</p><p>HR departments similarly may not realize that supervisors are disregarding company policies against giving references that go beyond confirming job titles and employment dates.</p><p>With prospective employers often bypassing human resources and calling supervisors for references, bully bosses can and do impair employees' future job prospects, experts say.</p><p>"In the good old days, the references were HR, and in many cases, in many companies, HR still is the traditional venue. But we've seen a marked shift of interest in calling the former supervisors," said Jeff Shane, president of reference-checking firm Allison & Taylor. "Hiring managers have long since figured out that supervisors tend to be far more talkative."</p><p>Job seekers often wrongly believe that their current or former employers will say nothing negative and do no more than confirm employment, Shane said.</p><p>Many supervisors, however, never receive company training on how to respond to employee reference checks, while many others forget or ignore the policy, he added. His Rochester, Mich.-based firm checks references on behalf of job seekers, compiles reports on responses from former employers, and, if necessary, sends cease-and-desist letters to companies violating policies or even laws by supplying negative references that cross the line into misrepresentations or lies and that could be construed as defamation.</p><p>"We call a great many supervisors as references for individuals. The vast majority of the time, the supervisor has something to say" beyond titles and employment dates; their reviews, even if sincere, often are less than optimal. "In many instances, they know exactly what they're doing" and that the employee is unlikely to ever find out if the negative review caused a missed opportunity, Shane said.</p><p>Nearly half of all reference checks that Allison & Taylor conducts contain some degree of negativity, he said. Even a supervisor who gives an employee a positive letter of recommendation will sometimes go "180 degrees in another direction" when called for a reference, he said.</p><p>Smart firms wanting to avoid litigation coach bosses to give only employment dates, said Gary Namie, Ph.D., co-founder of the Workplace Bullying Institute, which refers bullying targets to Allison & Taylor to learn about feedback from a current or former employer. Often the news confirms a candidate's fear, and "a great many of our clients are totally shocked and devastated" by what is found.</p><p>Job seekers may try to avoid a supervisor's risky review by asking co-workers or others to vouch for them, but people checking references typically believe, incorrectly, that a boss is the most trustworthy source of information on an applicant, Namie said.</p><p>"The person who was bullied doesn't stand a chance if the bully boss is loose-lipped," he added. "These supervisors who are bullies because of their own narcissism are eager to talk and tear this person down." Workplace bullies have reason to lie about their own actions, he added.</p><p>Some vindictive bullies even go so far as to track a bully target who leaves the company and to spread negative comments about the worker to new supervisors, according to Namie and Shane.</p><p>"They can continue to make that person's life very difficult," Shane said.</p><p>Namie's institute considers workplace bullying—repeated mistreatment and abusive conduct—a national epidemic, with 60.4 million Americans affected. Namie says employers are failing to take responsibility for preventing and eliminating it.</p><p>Bosses account for more than 60 percent of workplace bullies, the organization's 2017 survey found.</p><p>Even a supervisor who doesn't provide an overtly negative review can use meaningful pauses and tone to convey a damaging opinion. "Many times, the tone of voice of the reference will speak volumes about their level of enthusiasm or lack thereof for the person we are calling on behalf of," Shane said.</p><p>Online reference-check provider SkillSurvey aims to eliminate both the "tone" problem and situations where references go off the record to unfairly harm a job seeker's chances through its software-based rating system.</p><p>Job applicants must enter more than two references, who then rate applicants in several areas, with all responses kept in confidence and provided to the hiring organization in a report that averages all of the references' ratings. Five is the norm, often with a mix of supervisors and colleagues, according to SkillSurvey CEO Ray Bixler. The references are all provided online—with names removed, ratings averaged and no calls made.</p><p>If four of five references give glowing reviews while a fifth gives lower ratings, the prospective employer might call the applicant in and ask about it, Bixler said. "At least at the very minimum, the client is able to start making decisions of whether it was a rogue reference."</p><p>Many applicants enter more than five references, which can further reduce the damage a bullying boss might inflict, Bixler said. </p><p><em>Dinah Wisenberg Brin is a freelance writer based in Philadelphia covering workplace issues, entrepreneurs, health care, personal finance and logistics.<br><em>© 2018, SHRM. This article is reprinted from <a href="https://shrm.org/" target="_blank">https://shrm.org​</a> with permission from SHRM. All rights reserved. ​​ ​​ ​</em><br></em></p>

CSO/Leadership

 

 

https://adminsm.asisonline.org/Pages/Bully-Bosses-Can-Inflict-More-Damage-with-Negative-References.aspx2018-05-17T04:00:00ZBully Bosses Can Inflict More Damage with Negative References
https://adminsm.asisonline.org/Pages/The-Science-of-Organizing-Security.aspx2018-05-15T04:00:00ZThe Science of Organizing Security
https://adminsm.asisonline.org/Pages/How-to-Lead-a-Diverse-Security-Workforce.aspx2018-05-01T04:00:00ZHow to Lead a Diverse Security Workforce
https://adminsm.asisonline.org/Pages/Certification-Profile---Douglas-Beaver,-CPP.aspx2018-05-01T04:00:00ZCertification Profile: Douglas Beaver, CPP
https://adminsm.asisonline.org/Pages/Editor's-Note---Awareness.aspx2018-04-01T04:00:00ZEditor's Note: Awareness
https://adminsm.asisonline.org/Pages/Four-Trends-That-Will-Shape-Recruiting-in-2018.aspx2018-03-22T04:00:00ZFour Trends That Will Shape Recruiting in 2018
https://adminsm.asisonline.org/Pages/Starting-from-the-End---Creating-a-Master-Security-Plan.aspx2018-03-19T04:00:00ZStarting from the End: Creating a Master Security Plan
https://adminsm.asisonline.org/Pages/Editor's-Note---Timing.aspx2018-03-01T05:00:00ZEditor's Note: Timing
https://adminsm.asisonline.org/Pages/Coachable-Employees.aspx2018-03-01T05:00:00ZCoachable Employees
https://adminsm.asisonline.org/Pages/Fair-and-Neutral.aspx2018-03-01T05:00:00ZFair & Neutral
https://adminsm.asisonline.org/Pages/Certification-Profile---Leon-Beresford,-CPP.aspx2018-03-01T05:00:00ZCertification Profile: Leon Beresford, CPP
https://adminsm.asisonline.org/Pages/Editor's-Note---Incentive.aspx2018-02-01T05:00:00ZEditor's Note: Incentive
https://adminsm.asisonline.org/Pages/Pamela-Cichon,-CPP.aspx2018-02-01T05:00:00ZCertification Profile: Pamela Cichon, CPP
https://adminsm.asisonline.org/Pages/Paved-with-Good-Intentions.aspx2018-02-01T05:00:00ZPaved with Good Intentions
https://adminsm.asisonline.org/Pages/The-Strategic-Leader.aspx2018-02-01T05:00:00ZThe Strategic Leader
https://adminsm.asisonline.org/Pages/Speak-the-Language-of-Payroll.aspx2018-01-18T05:00:00ZSpeak the Language of Payroll
https://adminsm.asisonline.org/Pages/Editor's-Note-Resolutions.aspx2018-01-01T05:00:00ZEditor's Note: Resolutions
https://adminsm.asisonline.org/Pages/Certification-Profile---Darin-Dillon,-CPP.aspx2018-01-01T05:00:00ZCertification Profile: Darin Dillon, CPP
https://adminsm.asisonline.org/Pages/Chase-Leading-Through-Change.aspx2018-01-01T05:00:00ZChase: Leading Through Change
https://adminsm.asisonline.org/Pages/European-Salary-Survey-2017.aspx2017-12-18T05:00:00ZEuropean Salary Survey 2017

 You May Also Like...

 

 

https://adminsm.asisonline.org/Pages/Five-Insights-on-ESRM.aspxFive Insights on ESRM<p>​There are five overall concepts that provide guidance about the nature of enterprise security risk management (ESRM). These concepts describe what ESRM is, what it can do for security managers, how security can gain C-suite approval for it, and how to implement a vibrant ESRM program for the enterprise. </p><h4>ESRM Is a Philosophy</h4><p>ESRM is not a standard, nor is it a rigid set of rules to follow. ESRM is a philosophy of managing security. It is based on standard risk management practices, the same ones that guide most of the other business decisions made by the enterprise. It requires partnership with the business leaders in the organization.</p><p>This philosophy gives the security leader the ability to manage security risks. This ability is not based on the latest incident or scare in the news, nor is it based simply on the manager’s own ideas of what is most important to protect. Instead, it is based on a shared understanding of what the business deems critical for risk mitigation, and what level of risk the business is willing to accept in different areas. This ability also requires that the business fully understand why the security risk mitigation tactics have been put in place, and what the impact of not having those mitigations might be. </p><p>The emphasis here is on business. ESRM philosophy recognizes that security risk does not belong to security. It is a business risk, like any other financial, operational, or regulatory risk, and final decisions on managing that risk must belong to the business leaders. That shift in understanding sets a security program up for a greater level of success because security leaders are delivering only what the business needs, and, more important, what the C-suite understands that it needs.​</p><h4>ESRM Is a Process </h4><p>ESRM is not merely an academic philosophy. A general approach for setting up and running a security program can be derived from it. Under that approach, ESRM in action is a cyclical program, and the cycle of risk management is ongoing:</p><p>1. Identify and prioritize the assets of an organization that need to be protected.</p><p>2. Identify and prioritize the security threats that the enterprise and its assets face—both existing and emerging—and the risks associated with those threats.</p><p>3. Take the necessary, appropriate, and realistic steps to protect and mitigate the most serious security threats and risks.</p><p>4. Conduct incident monitoring, incident response, and post–incident review, and apply the lessons learned to advance the program. ​</p><h4>ESRM Aligns with the Business</h4><p>Aligning the security program with business requirements is the most critical component of the ESRM philosophy. This means that the security program must receive governance and guidance from the business. We recommend the formation of a security council to ensure this alignment. </p><p>There are several ways to implement a council. It could be a loose, informal group that provides input as needed, or it could be a board-level initiative that has formal roles, meetings, charters, and documented responsibilities for ensuring security compliance. The council can be a venue for discussing security topics and risk management strategies, and it can host resolution attempts for conflicts in the process. </p><h4>ESRM Covers All Security </h4><p>There is no aspect of security that cannot be managed in alignment with the ESRM philosophy.  Many security professionals already practice much of the ESRM philosophy without thinking of it that way. For example, performing a physical security risk assessment on a facility is equivalent to the ESRM steps of identifying and prioritizing assets and risk. And setting up a crisis management plan can be considered an aspect of ESRM risk mitigation, as well as incident response.</p><p>The critical difference between programs that do these activities as part of a traditional security program versus an ESRM program is the consistency of approach in ESRM. In ESRM, these activities are not performed on an ad hoc basis but consistently across all areas of security risk. They are not applied to one area of the organization and not to another. And, vitally, they are not performed in a vacuum by security and for security, but in full partnership with the business leaders driving the decision making process for all risk mitigation.​</p><h4>ESRM Is Possible</h4><p>Implementing ESRM cannot be done overnight.  It’s an iterative process that allows your security program to evolve over time into a pure risk management approach. For the security manager, the first step to fully understanding the ESRM philosophy is to communicate it to the executives and business leaders in the enterprise.  </p><p>When implemented thoughtfully and practiced consistently, ESRM can completely change the view of the security function in any organization. The old view of security as “the department of no” will shift when business leaders understand that security is a partner in ensuring that the assets and functions of the enterprise most critical to the business are protected in accordance with exactly how much risk the business is willing to tolerate.  </p><p><strong><em>Rachelle Loyear i</em></strong><em>s ESRM Program Manager for G4S and chair of the ASIS Crime Management and Business Continuity Council. </em><strong><em>Brian J. Allen, Esq., CPP,</em></strong><em> is a member of the ASIS ESRM Commission. Allen and Loyear are coauthors of </em>The Manager's Guide to Enterprise Security Risk Management <em>and the forthcoming book </em>Enterprise Security Risk Management: Concepts and Applications.</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://adminsm.asisonline.org/Pages/What's-New-in-Access-Control.aspxWhat's New in Access Control?<p>​Innovation in access control is quietly heating up. The industry is ready to implement innovations on a broad scale that have been just out of reach. Demand for virtual credentials is growing, facial recognition technology is both technically and economically feasible, and migration to the cloud is increasing—and increasingly beneficial. Over the next few years, market adoption of these advances will transform the ways security professionals operate and organizations benefit from their access control systems. </p><p><strong>Virtual credentials and mobile access technology</strong></p><p>The demand for virtual credentials and mobile access is intensifying, driven in part by younger members of the workforce who never go anywhere without their smartphones. Suffice to say, most employees wouldn't turn their cars around for a forgotten physical credential, but they'll certainly restart their commutes to collect forgotten smartphones. </p><p>The benefits are simple: convenience, compliance, and satisfaction of workforce demand. Everyone carries their phone, security professionals enhance their management capabilities, and employees can stay on the move. By including the credential in a mobile device, embedded in an app, organizations can also provide novel security capabilities, such as threat reporting and virtual photo ID. </p><p>The good news is that virtual credentials and mobile access technology have progressed to the point that they are easier to implement. Migration is straightforward, and implementation does not need to be all-or-nothing. Instead it can be taken in phases leading to an interim hybrid approach that includes physical and virtual credentials. </p><p><strong>Facial recognition</strong></p><p>Facial recognition offers the advantage of using existing access control rules, while reducing the friction of the user experience. </p><p>Picture a busy New York City high-rise office building with turnstiles that control access to an elevator lobby. There are always a few employees who have to search their pockets or backpacks to fish out a physical credential. Implementing facial recognition eliminates that bottleneck. The software scans people as they approach the turnstile and transmits a virtual credential to the access control system. Where a line might otherwise have formed, authorized employees now pass through turnstiles efficiently. </p><p>Facial recognition access control is no longer out of reach. Today's computing power can be combined with increasingly high-definition cameras and advanced recognition algorithms to bring the costs of implementation way down. </p><p><strong>Access control in the cloud</strong></p><p>The access control server is the nerve center of an access control system, but it no longer needs to physically exist. The increasing prevalence of the cloud eliminates that necessity. </p><p>Rather than dealing with the maintenance of a physical server, the speed and convenience of the cloud can handle everything a hardware box used to. This advance allows for increased scalability. And it provides flexibility in how security professionals purchase and use access control servers. Now the integrator or manufacturer can reduce end user burden and cost by ensuring that systems are backed up and updated remotely.<strong> </strong></p><p><strong>What's next?</strong></p><p><strong></strong>Innovations in access control systems will drive the industry over the coming years. Novel credentials, such as mobile access and face recognition technology, combined with cloud-based servers will deliver an altogether improved experience. </p><p><em>John L. Moss is CEO of S2 Security.</em></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465