Appropriate workplace communication covers so much, and the digital age has increased this complexity exponentially. From safe use of email and social media to what employees can legally and morally say and not say, electronic communication is often a compliance minefield. Consider:
- A survey of 500 IT decision makers conducted by Egress found that 44 percent of employees have accidentally exposed sensitive information via email.
- The same survey revealed that 26 percent of employees share unencrypted sensitive info outside the organization, thus increasing the odds of a data breach.
More perilously, communication technology and norms are evolving faster than employees’ ability to adopt best practices. Workers may not see a problem with emailing the entire company to ask people to buy their daughter’s Girl Scout cookies, or being flippant in responding to a customer on social media, or texting private information about a coworker, but the risks are real and not often clearly understood.
True Office Learning has identified several areas of concern regarding appropriate electronic information. Our data provides a blueprint for what risks organizations should be focusing on—and what steps can be taken so that employees are communicating properly, safely, and intelligently.
What the Data Reveals
Over the years, millions of employees across a wide range of organizations and industries have taken True Office Learning courses, including our module on appropriate electronic communication. We’ve accumulated comprehensive data from all those users, and the numbers paint a sometimes optimistic, sometimes scary picture of how employees are digitally communicating with customers and each other.
We assign our collective data an overall percentage score identifying how well users performed on the scenarios they were presented during a course. For our appropriate electronic communication course, 82 percent of employee decisions were consistent with policy and best practice—not bad considering roughly four of five employees are generally understanding key concepts, but troubling because one in five require coaching and feedback in practice in order to obtain proficiency. Compared with other True Office modules, this percentage is low; for example, our diversity course scores a 95, workplace harassment registers a 94, and even conflict-of-interest training comes in at 90.
Our data breaks down scores into subcategories, where the scores are even more concerning:
- Scenarios about communicating electronically—best practices regarding email, smartphones, and social are correctly resolved 77 percent of the time.
- Scenarios about protecting the organization’s reputation don’t fare much better, coming in at 78.
- Scenarios about appropriate use and confidential information each are resolved at 83 percent.
Making reports fared the best at 89, but much reporting is after the fact, in response to a communication incident. Organizations must improve at preventing mistakes and decreasing the need for reports in the first place.
Where Employees Are Failing
No single aspect of employee electronic communication is bringing down the scores—many areas of concern contribute to the problems organizations face. The myriad of struggles includes:
- Passwords: Decades into the digital age, you might think employees are smart enough/not lazy enough to not use “qwerty” or “password” or “123456” as their passwords. Yet those still remain among the most popular passwords, making hackers’ jobs that much easier …
- Phishing emails: Even with the best controls, malicious emails inevitably can slip through to employees’ inboxes. Sometimes, the emails are convincing enough for users to open them, click on links, or download files. Not surprisingly—but nonetheless frighteningly—32 percent of data breaches are the result of phishing attacks.
- Social media: Platforms such as LinkedIn, Facebook, Twitter, and Instagram hold much marketing potential for companies but are risky when employees aren’t using them appropriately. Complaining about work online is becoming the norm (especially because people can gripe behind their screens, anonymously), but when it’s your company someone is complaining about—and their employer is listed in their profile—your reputation can suffer.
- Confidential information: Besides company info, employees can get into trouble by inappropriately sharing details about coworkers or customers, not to mention by accidentally revealing proprietary information. At best, this sharing is unethical or immoral (which is still bad …); at worst, in the case of personal health records, for example, it’s illegal.
- Poor communication with customers: Bad customer service is nothing new, but today, when an employee is rude to the consumer who, in turn, tells the world of the negative experience, the consequences can be much more severe than one lost customer.
- Unsecured communication: Sensitive information and conversations require discretion and security. Opening confidential documents on a personal, unsecured tablet or smartphone that the owner might accidentally leave on the train, for example, endangers that discretion and puts the organization at enormous risk.
- Improper communication with coworkers: Although there are First Amendment rights and NLRB protections for employees who choose to air their workplace grievances on digital channels—including social media, company email, chat messaging, and smartphones—harassment, gossip, and any other communication that is inappropriate or simply unwise can also amplify to risky, potentially litigious levels via these channels.
An underlying reason employees struggle with appropriate electronic communication is that they approach it as they do non-work communication. They may use easy passwords or feel at ease on social media in their personal lives and not think twice about applying the same casualness to their professional habits. They overlook the distinction, but good training can help overcome that gap.
Overcoming Communications Problems
Employees may come into compliance training fuzzy on communication concepts—our data confirms that—but ideally, they leave it smarter and more confident to apply what they’ve learned in practice to their everyday interactions. Adaptive training delivers a unique learning experience to each user, dependent on how they are progressing through a course, so that even the most complex of principles make sense to employees who might be struggling.
Furthermore, learning doesn’t need to end simply because a training course did. Reinforcement tools keep electronic communication best practices top of mind, shore up knowledge for employees who are still struggling, and introduce new concepts and developments, such as a phishing email that shouldn’t be opened or how to properly use a new social media feature. Microlearning and job aids keep learning efficient, interesting, and relevant.
Of course, organizations should be implementing strong electronic communication policies and controls, governing how employees interact with each and how they use mobile devices. Organizations should also protect their systems from user errors (e.g., opening a suspicious email). Proactive measures combined with training help establish a culture of compliance in which all employees not only are responsible for appropriate communication, but also are key stakeholders in creating and maintaining a safe, collaborative, and thriving environment.