Skip to main content
leadership lab

Michael Murphy is VP & country manager, Citrix Canada.

While Canada's reputation for being overly polite can make for some great jokes, it may also be cause for concern for companies. A recent study, The Need for a New IT Security Architecture: Global Study on the Risk of Outdated Technologies, revealed that Canadian IT professionals are among the most concerned in the world about controlling employees' devices and data, yet are the least concerned with enforcing employee compliance with security policies.

This begs the question: Are Canadians shying away from correcting bad security practices?

It wouldn't be the first time businesses have run into problems because of Canadians being "too nice." The same issue was observed in the case of Canadian customers refraining from complaining or providing negative feedback – stifling companies' ability to adjust and improve their services.

However, whether Canadian politeness is the cause or not, with technology integral to success and security risks rising, business leaders must enforce strategies and policies that ensure employees are keeping confidential information safe.

Developing and enforcing policies

Security measures are undermined if leaders and HR don't support IT by creating and implementing security policies across all management levels in all departments. These policies must clearly outline a range of regulations, including whether the company will embrace Bring Your Own Device (BYOD) or provide corporate devices, how costs will be divided, which services will be offered and who is eligible.

It is then up to the organization to enforce these policies. This means setting clear compliance guidelines and repercussions, as well as following through on them when they're broken.

Too often, organizations must deal with employees who have inadvertently caused a security problem when they weren't even aware it was an issue in the first place. There are far too many stories of employees saving private information on their laptops and USBs only to have the devices stolen, leaking confidential information out in to the world. Finally, these policies must apply to all employees.

Even those at the top must follow regulations, sending a message supporting the importance of IT security across all levels of the corporate structure.

Educating employees

Human error is an unavoidable risk factor that every organization faces. With the prevalence of BYOD work cultures, the opportunity for human error to pose a significant security risk increases substantially. In fact, 67 per cent of Canadian IT professionals perceive personally owned mobile devices in the workplace as a disruptive technology and risk to IT security infrastructure.

Going beyond establishing policies and protocols by providing an in-depth yet easy-to-digest explanation as to why they're in place goes a long way to ensuring they are absorbed, understood and respected. Employees should be educated on essentials such as what to do if their device is lost, how to avoid connecting to unsecure networks, which data transfer solutions (eg. Dropbox) are unsecure and how to avoid malicious apps. Introducing training sessions for new employees as well as manuals or guidebooks for day-to-day reference for both new and existing employees can be a straightforward solution.

Adapting to change

Seventy-four per cent of Canadian IT practitioners are concerned that having millennials in the workplace poses a significant risk to security – second only to Japan (79 per cent). As the world's first "connected" generation, millennials are hyperactive on their mobile devices; using apps and social media platforms for both personal and professional purposes. With 90 per cent of respondents also believing that employees' use of social media in the workplace has a negative impact on security – 15 per cent higher than the global average - this causes a problem.

As Canada's largest generation in the workforce, they are the now, and the generation coming up behind them is even more connected. Businesses must accept and embrace this change in tech usage by implementing adaptive IT solutions, practices and procedures that can be flexible without compromising security. This may mean making targeted efforts to show employees how to securely use social media in the workplace.

Of course, responsibility to keep data secure does not entirely fall to the employees. Without the right infrastructure or mobility management solutions in place, companies are at risk. With 73 per cent of IT professionals stating their infrastructure is outdated and inadequate, investment in IT is more critical now than ever, as is a holistic approach to protecting sensitive information that includes both man and machine.

Executives, educators and human resources experts contribute to the ongoing Leadership Lab series. For more articles, go to

Mark Mortensen of INSEAD discusses his findings about teamwork and how knowing what teams others are on can improve workflow

Special to Globe and Mail Update