Author: Samuel Greengard

In today’s ultracompetitive work environment, few company secrets are as important as what workers earn. And last February, Pixar Animation Studios of Richmond, California, found out just how easily the information can be compromised. With the click of a mouse, someone within the organization—nobody is sure exactly who—sent an e-mail that accurately listed the salaries for each of the firm’s 400 employees. Not only did the public release of the data serve as a huge embarrassment and potentially compromised the firm’s ability to attract top talent, the e-mail raised serious legal concerns centering on the violation of privacy.

On a list of crises for a human resources professional, it ranked right at the top. And, unfortunately, it wasn’t an isolated incident. According to The Computer Security Institute of San Francisco, 75 percent of companies have suffered financial losses, such as financial fraud, theft of proprietary information and sabotage, from computer security breaches. The institute found that the biggest security threat typically comes from inside an organization. “There are plenty of people—hackers and others—looking to steal information or do something malicious,” states Darren Donovan, a senior managing director at Pinkerton Investigation Services, a security and investigations firm in New York City.

Welcome to HR’s newest battleground. As more and more data goes electronic, the risks and threats to the modern organization grow. An unencrypted e-mail sent over an intranet or the Internet can allow crucial information to fall into the wrong hands. A PC without the proper password protection can easily become a fountain of illicit knowledge. And a network without the proper safeguards, including a firewall and audit capabilities, can become a high-tech sieve that lets crooks steal or destroy sensitive data. These days, there’s even cyberterrorism —orchestrated attacks on organizations for political or economic purposes.

Yet, despite the need for sophisticated hardware and software protection, data security has far more to do with policy than product. Notes Chip Mesec, director of product management at Santa Clara, California-based Network Associates, a provider of network security products: “Having the right systems in place is crucial. But unless employees understand the consequences of their actions or inactions, unless they’re educated to follow procedures and abide by rules, all the solutions in the world won’t work.”

For human resources, the implications are clear: In today’s business environment, it’s essential to understand enough about the technology to ensure breaches don’t take place. It’s also crucial to know that employees are using electronic security properly and that HR policies are in place to deal with training, education and compliance. “A tremendous amount of thought and planning is required,” states Kevin Wheeler, vice president of staffing and employee development at Charles Schwab and Co. in San Francisco. Yet, juggling corporate politics, procedures, staffing issues, and educational concerns to secure a workplace can seem overwhelming. Today, it requires a team-oriented approach that involves HR, security, legal and information technology (IT). As Mesec puts it, “Electronic security cuts across departments and divisions, but it always gets back to human resources issues.”

Pay attention to the growing risk.
A quarter-century ago, a typical company conducted the vast majority of its business on paper. Important files and documents were kept under lock and key, and when something was sent to someone across the office or in another part of the country, a set of security precautions was almost always used. In most instances, a document was sealed and sent by courier or registered mail with a signature required at the other end. Paper shredders helped ensure that sensitive documents didn’t wind up in front of the wrong pair of eyeballs.

But today, the move from paper-based systems to electronic data management has turned security upside down. Although breaches have always been part of the corporate landscape—a dishonest or inattentive employee presents a serious concern in any environment—digital data is far easier to duplicate and disseminate “In the past, a fairly limited number of people had access to key data. With the opening of systems to the entire workforce, particularly HR records, people can access and even change information and records. There’s a greater risk of employees accessing information that’s not theirs, and once a problem occurs, people lose confidence,” explains Bill Davies, director of technology at PDS, an HRMS systems vendor with headquarters in Blue Belle, Pennsylvania.

Violators now include a long list of individuals: workers who are disgruntled or have been laid off; contractors; consultants; even good employees who inadvertently destroy, alter or expose crucial data. Moreover, curiosity, gossip and the indiscriminate sharing of data can also lead to crime and a litany of other nightmares.

One thing is clear: today’s crooks are opportunistic—and elusive. A computer left unattended for a moment—and without proper password protection—can serve as an access point for a data bandit. It’s then possible to intercept data from the network using specialized software, tap into confidential files on a PC or a server, and undelete previously erased data from a hard drive, including e-mail. Unless the person storing data has encrypted the information or used a “wipe” delete function to get rid of it, the information isn’t secure.

And all this is just the beginning. Dial-up remote access—an increasingly common tool for telecommuters and traveling employees—is designed to provide entry into a network. Once there, it’s possible to gain access to unauthorized files unless firewalls and other protections are in place. Internet access poses yet another threat. And, as the Pixar case points out, an e-mail message can instantly transport company secrets to someone outside the organization. As Donovan puts it, “The risks are everywhere.”

The Pentagon found out how true that statement is in February. Despite an elaborate effort to protect its vast data bank, computer hackers broke into an unclassified section of its network and conducted “the most organized and systematic attack” ever, according to Deputy Defense Secretary John Hamre. The individuals who conducted the attack examined and possibly altered confidential payroll and personnel data. The assault was one of 250,000 attempts to crack the Pentagon’s security code each year.

But, more often than not, the biggest threat exists within an organization. For example, at Omega Engineering Inc. of Bridgeport, New Jersey, an engineer who doubled as his firm’s network administrator allegedly launched a logic bomb (a hidden malicious program) that deleted every application and file on every hard drive at the company. That resulted in more than $10 million in damage. Three weeks after the network administrator was fired, the program deleted every file on the network. “Employees came to work but couldn’t boot their computers,” Omega’s Director of Human Resources Al DiFrancesco later remarked in ComputerWorld magazine.

Although the man has been indicted by a grand jury and currently is awaiting trial—he faces a maximum five-year sentence and a possible $20 million fine—Omega learned its lesson the hard way. Even sophisticated back-up, recovery and audit software alone can’t prevent an incident. It’s the human side of the equation, well-designed policies and procedures, that make or break an organization.

Take a byte out of crime.
Firewalls, encryption, digital signatures, public keys, security tokens—products like these might make you feel as though you’ve been transported to the far reaches of the IT galaxy. Yet, it’s how people use the tools that largely determines whether key data remain a firm’s bread and butter or become toast. Ask yourself: Who has access to information? What files can specific employees access? What do people do with data? How do they share data? “Human resources should play a central role in determining who has access rights to certain data as well as educating employees how to use security tools correctly,” says Jude O’Reilley, a research analyst at the Gartner Group, a Stamford, Connecticut, market research and consulting firm.

At brokerage firm Charles Schwab and Co., data security has become a religion. With service representatives accessing highly confidential customer account records and servers storing mission-critical data, there’s no margin for error or problems, says Wheeler. As a result, the company conducts extensive background checks on all employees, offers a security briefing during orientation, and then provides booklets, brochures and intranet links that constantly remind employees what they should and shouldn’t be doing. In addition, any employee who works with the public must take a refresher course and exam once a year to ensure that he or she understands company policies and procedures related to data security—including the use of passwords and e-mail.

But the company also goes to great lengths to ensure that human policies mesh with physical security. For example, all service centers and branch offices are equipped with PCs that lack floppy drives and modems—and employees aren’t allowed to bring in any type of foreign media. Only data that have been approved and certified are available through a secure network connection. That makes it extremely difficult to remove or corrupt data, and ensures that viruses won’t wind up in the system. Although such a design can make some tasks, such as training, more difficult because local offices can’t load an updated CD or floppy disk into the PC, “Everyone understands how important it is to make sure that there’s no risk of compromised data,” says Wheeler. Schwab backs all this security with regular spot checks and sophisticated network monitoring that can detect illicit files.

Of course, Schwab’s detailed policies didn’t just happen. They were the result of meticulous planning. A senior vice president of human resources interacts with various other department representatives—including IT, legal and compliance—to put procedures and rules into place and regularly update them through a formal review process. In addition, human resources works with the security department to determine what actions and punishment should occur if an infraction takes place. “Decisions are made on a case-by-case basis, though the company generally has a very low bandwidth of tolerance,” says Wheeler.

In fact, Pinkerton found that 80 percent of a company’s vulnerability to cybercrime is related to inconsistent information security practices, including the use of passwords and standardized log-off procedures. “Passwords, codes, access levels and other tools are crucial, but security is just as much about culture and corporate attitudes as anything else,” says Donovan. And that begins with making clear which data are proprietary and valuable and which are cleared for public release. Many companies don’t adequately inform employees on such issues, he points out. Even worse, far too many organizations don’t bother to ask workers—as well as consultants and outside contractors (who frequently pose an even greater risk)—to sign a confidentiality agreement. The result? Ignorance about how to handle important data and questionable legal liability, if the case ever reaches a courtroom.

“One of the problems is that employees and employers tend to become lax and, over a period of time, pay less attention to policies,” says Burke Stinson, a spokesperson for AT&T of Basking Ridge, New Jersey. In fact, infractions take place despite AT&T handing employees information at orientation and providing them with bulletins and notices that remind them to change passwords, switch off computers at lunch or after work, and use encryption for highly sensitive e-mail.

Consequently, AT&T’s security department conducts regular audits and spot checks to find violations and then sends out notices to employees who haven’t complied with policy. What’s more, temporary employees—particularly in the IT department—aren’t allowed into the system. Ultimately, “It’s the tone you set within an organization. If you have slipshod management and a relaxed attitude, you’re setting yourself up for problems. If you take the risk seriously and use proven methods to make sure workers comply, you greatly reduce the odds of anything catastrophic happening,” he explains.

Build a better strategy through teamwork.
O’Reilley believes that a workable solution always comes down to three key issues: 1) Determining which data are private, 2) who has authorized or unauthorized access to data, and 3) potential ways people can access network-based information. Although it’s IT and security departments that typically put computer security systems in place, HR must communicate the human side of the equation—particularly when data originates and resides within the HR department, he argues.

Among other things, that means mapping out processes and work patterns—often using a team-based approach or a task force that cuts across departments. O’Reilley believes it’s necessary to create a continuum, ranking information from “public” to “business critical” and then putting work models in place that allow appropriate individuals to view appropriate data. In the case of HR data, for example, employees would be allowed to view their own records. A manager who directly oversees a group of workers might have data privileges as well. But the same manager wouldn’t be allowed to view data for other workers, other managers or executives. That becomes the centerpiece of designing security systems and policies. In fact, once rights and privileges have been mapped out within the organization, it’s possible to create secure work teams or departments unrelated to geography. It’s also possible to determine who is violating established policies.

If individuals outside the organization pose a threat, then it’s probably an issue best left to security and IT. However, when the threat is internal, human resources can play a key role in identifying potential violators within the company. In some cases, HR might be aware of previous violations and infractions that could tip off future problems. Routine background checks conducted during the pre-employment process might also provide important clues. In fact, experts say that thorough background checks should be mandatory for network administrators, who are entrusted with enormous power and can wreak havoc if they abuse it.

Dealing with employees who are leaving the organization is just as important. According to Donovan, many security breaches occur when a disgruntled employee—usually somebody who has been fired—is allowed access to his or her PC. Although managers would never dream of letting the person rifle through filing cabinets, they often don’t consider the consequences of allowing that person to log onto his or her computer. “A strict termination policy must be in place, and one that deals with passcodes. A person should immediately be locked out of the system,” he says.

New technology is making it easier to nab crooks and maintain solid security. Biometrics—once the stuff of James Bond films—is beginning to filter into the workplace. Using thumbprint, retina or facial recognition, biometrical devices allow only authorized personnel access to the network, without the hassle of passwords. What’s more, a person is able to log on from any location, and, in the case of facial recognition, the computer monitor can automatically go blank when the individual walks away. In addition, far more sophisticated intranet-based firewalls are cordoning off departments, while encryption is becoming increasingly transparent. In many cases, e-mail is encrypted and decrypted automatically by software running on the PC.

Yet no amount of technology will ever eliminate all cybercrime. As Mesec puts it, “As long as there are people, there will be incidents.” Ultimately, it’s up to human resources—partnering with security and IT—to help employees understand the risks and responsibilities of using computers. Indeed, a byte of prevention goes a long way.

Workforce, May 1998, Vol. 77, No. 5, pp. 53-60.

As pointed out in the main story, organizations these days are facing economic crossroads because of a growing labor and skills shortage. Following are five myths to be aware of as you plan for your company’s future workforce needs.

1. It’s a buyers’ job market.
   Not any more. These days, skilled workers can pick and choose whom they work for. They also can negotiate perks and benefits once reserved for the corporate elite. And the shortage is driving up wages. Consider: In Denver, the demand for skilled telecommunications technicians is so strong that the starting pay for a phone equipment salesperson has doubled to $40,000 a year since 1992. Communications analysts in the same region receive calls from headhunters on a regular basis. That was unheard of only a few years ago. Today, many companies are piling on the perks and benefits, including liberal tuition reimbursement and stock options.

2. Skills shortages center mostly on computers and technology.
   There’s no question that the lack of computer-related skills accounts for some of the problem in today’s labor market. However, the lack of skilled labor permeates many fields. Currently, there’s a shortfall of 300,000 to 400,000 truck drivers nationwide. Within the shipbuilding docks along the gulf, companies are short thousands of marine-grade welders and electricians. All of which are causing backlogs in deliveries and forcing companies to turn away work. Says Joel Kotkin, a senior fellow at the Los Angeles-based Pepperdine University Institute for Public Policy: “Over the last quarter century, there has been a decline in the blue-collar professions. Now, we’re paying the price. There aren’t enough skilled trade workers available.”

3. The lack of skilled labor won’t hurt my company.
   According to the National Manufacturers Association, 48 percent of companies believe their current workforce lacks the ability to read and translate drawings, diagrams and flowcharts. Although companies have pumped up budgets for training, it’s questionable whether workers will be able to keep up. For instance, Kotkin notes that the lack of truck drivers and dockworkers has slowed the delivery of cargo in some parts of the country from three or four days to 15 or 20. “At some point, it becomes a ripple effect and everyone is impacted,” he says.

4. Foreign-born workers take jobs away from Americans, and they accept jobs for less than the prevailing wage.
   In reality, foreign workers account for a small portion of the workforce. The Cato Institute, a think tank in Washington, D.C., sponsored by Jack Kemp’s Empower America, found that the total number of foreign workers receiving visas in 1995 was 99,000, or 0.079 percent of the workforce. Although only one-third of the engineers and scientists in the high-tech arena comes from other countries, firms can’t fill the positions with Americans. And for a very simple reason: the number of Americans trained in engineering and computer science has dropped from a high of 50,000 in 1986 to 36,000 in 1994, Kotkin notes. What’s more, in a review of 230,000 visas granted by the U.S. Department of Labor, the institute found only 418 cases in which a worker was paid less than the prevailing wage.

5. Ongoing layoffs and a robust economy indicate this is only a temporary situation.
   While economic projections have a way of haunting those who make them, most experts say the labor shortage is here to stay. During the 1980s, workforce growth stood at 2.5 percent annually. Today, that figure has dropped to about 1.2 percent, and many expect the figure to slide to below 1 percent in the next century. Fewer bodies combined with jobs that require increasingly sophisticated skills could wreak havoc on the economy. And while some companies continue to lay off workers in droves, it’s mostly high-wage and low-skill positions that have been made obsolete by technology. “It’s a skills mismatch,” says Carol D’Amico, senior research fellow at the Hudson Institute in Indianapolis.

Workforce, March 1998, Vol. 77, No. 3, p. 48.

How to focus on the fctors that determine success.

• Evaluate costs and benefits
  In many cases, the cost of an extranet is negligible for human resources because the outside vendor will handle development and implementation. On the other hand, the benefits can be enormous. It’s possible to cut costs, reduce administrative overhead and provide employees with better service.

• Create a partnership
  An extranet requires solid communication between human resources and the vendor supplying or managing data. Designing an easy-to-use interface is a good start, but data must flow back and forth smoothly and, for employees, transparently. Each extranet should be custom designed to address a company’s specific needs.

• Communicate the benefits
  An extranet won’t succeed simply because an HR department creates a link to a 401(k) provider or HMO. It’s important to publicize the extranet and provide services that attract employees to the site.

• Manage content/provide value
  The interactive capabilities of the Web are one of its greatest strengths. An extranet allows employees to view accounts real-time and model data in ways that weren’t possible just a few years ago. It allows them to search for doctors or use referral services quickly and efficiently. However, employees will use an extranet only if they see value in it — not because it reduces costs for HR. That means content must revolve around the needs of employees and not the desires of HR and a vendor.

• Look for new opportunities
  Because the technology is so new, many potential applications for extranets haven’t yet been considered. Think out of the box and look for new ways to outsource electronically.

It’s a CEO’s worst nightmare: He or she opens the newspaper or switches on the television and watches helplessly as the media dissect and devour the company under his or her control over flimsy ethics and illegal activities. Over the years, a steady stream of scandalous news reports have chronicled the questionable actions of companies like Sears, General Dynamics, Archer-Daniels-Midland Co., NYNEX and, most recently, Columbia/HCA Healthcare Corp. Even after the bad press and legal challenges fade, the results can be devastating. Such a scenario can cost a company tens of millions of dollars in legal fees and lost sales; it can demoralize a workforce and sap productivity. In the end, it can take years for a company to pull out of the tailspin.

Yet, despite more than two decades of intense media scrutiny, public pressure, academic research and corporate ethics programs designed to teach values and integrity, the business world seems unable to curb unethical behavior or improve its own image. Razor-thin profit margins, cutthroat competition, high-pressure sales and bloated workweeks are pushing workers harder than ever before. Combine all this with continued downsizing and a general breakdown of traditional attitudes about trust and loyalty, and it’s not difficult to understand why ethical transgressions are so common. As Michael Hoffman, executive director of the Center for Business Ethics at Bentley College in Waltham, Massachusetts, puts it: “Virtually all companies want to do the right thing, but evidence of unethical behavior keeps piling up.”

The evidence is everywhere. A 1994 Gallup Poll found that among members of the general public, only the government ranks lower than corporations in perceived trustworthiness. A 1996 New Orleans-based Tulane University study, about the effects of personal values and corporate codes of conduct on fraudulent financial reporting, found that two of every five controllers and nearly half of all top executives were willing to commit fraud in role-playing exercises. In fact, 87 percent made at least one fraudulent decision in the course of simulated work situations.

Glance inside the corporation and things are just as disturbing. An April 1997 study by the American Society of Chartered Life Underwriters & Chartered Financial Consultants and the Ethics Officers Association, based in Bryn Mawr, Pennsylvania, found that 56 percent of all workers feel some pressure to act unethically or illegally. The study, titled “Sources and Consequences of Workplace Pressures: Increasing the Risk of Unethical and Illegal Business Practices,” revealed that a head-turning 48 percent of workers admitted they had engaged in one or more unethical and/or illegal actions during the last year. Among the most common transgressions: cutting corners on quality, covering up incidents, abusing or lying about sick days, deceiving customers, lying to a supervisor or underling, and taking credit for a colleague’s ideas.

And the problem seems to be getting worse. The same study found that more than 60 percent of workers feel more pressure than five years ago and 40 percent feel greater pressure than only a year ago. Exacerbating the problem is an unclear definition of ethics, especially as companies go global. A gift in one country might be viewed as a bribe in another, for example, just as taking credit for a colleague’s idea might be considered business as usual at one company but shunned at another. “Ethics is a broad and often murky area,” says Laura Pincus Hartman, director of the Institute for Business and Professional Ethics at DePaul University in Chicago. Adds Carl Skooglund, vice president of ethics at Dallas-based Texas Instruments Corp. (TI): “The workplace is full of ethical confusion, dilemmas and issues.”

What in the world is going on? Why, despite the growing attention to ethics—including university teachings and media attention—is the problem so persistent? It’s certainly not for a lack of action. The Ethics Resource Center, a Washington, D.C.-based organization that helped launch many early corporate ethics programs in the 1980s, found the number of firms with ethics training programs has increased from 7 percent to 40 percent since 1994, when it last conducted a survey. Companies with ethics codes have swelled from 13 percent to 73 percent during the same period. In addition, a growing number of companies are establishing ombudsman positions, confidential hot lines and an array of other mechanisms to catch potential problems before they ever occur.

Obviously, good intentions alone aren’t solving the problem. Says Hoffman: “There’s no question that ethics is an important part of an organization’s identity. Unfortunately, there’s often a disconnect between a company’s objectives and what happens in the real world. The people who set the organizational goals aren’t the ones thinking about ethics and how situations actually play out.”

Today, an ethics strategy must encompass more than hot lines, guidelines and finely tuned human resources policies. A workforce not properly grounded in ethics and a corporate culture not guided by HR managers steeped in making proper decisions is an ethics disaster waiting to happen. Says Michael Deck, a principal at KPMG Ethics and Integrity Services in Toronto: “Decisions are made by individuals. Actions are taken by individuals. Companies are nothing without individual human beings, and that’s where the problems start or end.”

Today’s business climate fosters unethical behavior.
Ethical conflicts are nothing new, of course. In the early 1900s, social pundits debated child labor laws and the idea of improving working conditions at the nation’s factories. That concern spurred a furious national debate on ethics and morality. A half-century later, politicians, government and the courts began scrutinizing sales methods and advertising, hiring practices and equal opportunity. Many of the laws people take for granted today were nothing more than ethical question marks only a few decades ago.

Along the way, the media, shareholders and public watchdog groups also began scrutinizing the activities of companies far more closely—how defense contractors handled government contracts, for example, and how stockbrokers promoted equities to customers. But just as this scrutiny was intensifying, the workplace evolved into a more complex and confusing place than at any point in history.

Ethics programs are a relatively new phenomenon.
Given today’s business climate, the rise of corporate ethics programs hasn’t happened by chance. Although some companies, such as Texas Instruments, began to lay down ethics guidelines in the early 1960s, the idea of training a workforce and offering an ombudsman or ethics officer to handle questions, problems and disputes is a relatively new phenomenon. In the early 1980s, only a half-dozen or so companies nationwide offered ethics training. Today, according to the Ethics Resource Center, 60 percent of all companies have ethics codes, and 95 percent of Fortune 50 firms teach ethics to employees.

At first glance, it might seem like a trend rooted in 1990s sensibility. After decades of a cynical public and the press’ scrutiny of the corporate and political landscape, it could be argued that corporations are finally seeing the light. But other factors also are driving change. The fallout from an Archer-Daniels-Midland price-fixing scandal or Sears’ automotive fiasco (in which mechanics charged customers for service and parts never received) can become a public relations and investor relations nightmare for a company. In fact, the Ethics Resource Center found that two-thirds of its clients asked for assistance in establishing a program only after enduring a front-page scandal.

And then there are the 1991 Federal Sentencing Guidelines. They allow a company with a bona fide ethics program to receive up to a 95 percent reduction in fines if officials are convicted of a felony such as insider trading or fraud. Some say the stampede to ethics programs is little more than window dressing designed to accommodate the Federal Sentencing Guidelines. Yet, regardless of the exact motivation or reason, the fact remains that many companies are developing ethics strategies, and some are shelling out as much as $1 million a year to ensure that problems don’t boil up. Indeed, a growing number of organizations are recognizing the long-term importance of building an ethical organization. “Trust is the foundation for any solid business relationship. You can’t form a close and candid relationship with suppliers, customers and the public if you don’t have a track record of integrity and ethics,” says TI’s Skooglund.

Ethics isn’t only good policy.
A track record established by actions, not merely policies, sets an organization on ethical ground. Retail giant Sears, Roebuck & Co. is an example of how culture can influence individual actions. In the early 1990s, the Chicago company came under intense fire for its automotive repair practices. After an investigation by officials in California, Florida and New Jersey, the attorneys general in 43 states charged the company with systematically overselling parts and services to 933,000 customers. Allegations of wrongdoing included making false and misleading statements, fraud, failure to state clearly what parts and labor were on repair invoices, and false advertising. By the time Sears agreed to accept responsibility and settle the matter for more than $40 million, the company was reeling from bad press and dismal public opinion.

Sears found itself under siege for a very basic reason, experts say. It had few safeguards against poor workmanship or unnecessary repairs, and it allowed employees to earn commissions on both selling parts and making repairs—a proven recipe for abuse. With tough sales quotas and a lack of customer-satisfaction checks, employees were rewarded for racking up sales whether parts and repairs were needed or not. It was only a matter of time before the situation spiraled inexorably downward, critics contend.

The way Hoffman sees it, ethics problems often spin a tight orbit around organizational objectives. “When a company sets unrealistic sales targets or implementation schedules, the pressure to meet goals gets pushed down through the organizational structure. All of a sudden, you wind up with people who begin to say, ‘I don’t want to mislead my customers, and I don’t want to cut corners. But if I don’t go along with things, I’m afraid I’ll lose my job or wind up falling far behind when it comes to income and promotions.’ That’s when employees begin to do things they wouldn’t ordinarily do.”

KPMG’s Deck has seen plenty of companies that serve up a compelling message but fail to back it with any real actions. Winning the ethics battle isn’t only about how an organization punishes those who engage in unethical behavior, but how the company rewards both good and bad behavior. A company, for example, can provide ethics guidelines and detailed conduct codes; HR can offer superb training and establish an ethics hot line for questions and problems. “But it’s the reward system and the organizational behavior that let people know what the real story is. If a manager turns his or her head and looks the other way when it comes to a top salesman who cheats on an expense account or accepts inappropriate gifts, that sends a powerful message. The desired behavior must start from the top and work its way through the entire organization,” he says.

Such expectations require a CEO who serves as an example of an ethical leader. It means managers are honest and expect honesty from their employees. And, increasingly, it means establishing clear-cut policies, guidelines and rewards—and HR making sure employees fully understand the repercussions of an ethical transgression and that such behavior won’t be tolerated. Remarkably, when researchers Arthur Brief and Janet Dukerich studied executives as part of the Tulane University project, the most disturbing finding wasn’t that executives were willing to bend the rules, but that their personal beliefs about ethics did little to stop them from committing fraudulent acts. In other words, managers almost always knew right from wrong, but didn’t feel obliged to act on those beliefs.

Yes, an ethical environment is possible.
Companies that create an ethical culture frequently avoid sinking into the quicksand. At Texas Instruments, Lockheed Martin and United Technologies, for example, efforts are under way to transform policies into action. Texas Instruments has written and distributed a code of ethics since 1961. It introduced a formal ethics program 11 years ago, after executives at the company recognized that problems were popping up in industry—particularly among defense firms. At the time, about one-third of TI’s business came from defense contracts. “We realized we couldn’t go on autopilot without expecting problems. The simple fact is, there are too many difficult issues and situations for which people have to make judgment calls,” says Skooglund.

While TI’s code of ethics serves as the foundation for the program, it’s not the only tool the company uses. The company communicates with its 60,000 employees by sending a weekly, electronic newsletter over the corporate intranet, and at least one article about ethics is always included. In addition, Skooglund’s five-person staff field questions on everything from benefits conflicts to legal compliance. A toll-free feedback line handles 100 to 120 calls each month, and workers can maintain anonymity, if they so desire. And the company arms employees with a Quick Test that can help guide them through ethics issues.

TI also has worked hard to create an environment in which the ethics office and human resources personnel work closely with one another to resolve problems. If a question arises about sexual harassment or discrimination, for example, it’s up to HR to resolve it—and the ethics office will pass along any phone call or inquiry that pertains to those issues. If, on the other hand, an employee asks a human resources manager whether a gift from a client is appropriate, the manager will refer the matter over to the ethics department. HR also plays a role in briefing new hires about the ethics program and works with the ethics department and other company officials to refine policies and procedures.

At Lockheed Martin Corp. of Bethesda, Maryland, the emphasis is on ethics training for all 200,000 employees. Every year, workers receive one hour of training from their direct supervisor or manager. The company uses a top-down approach: the chairman trains his direct reports, they train their managers and so on. All instructors receive training from an ethics officer; there’s one at each of the company’s 70 business units. (Ethics officers come from finance, marketing, human resources and other departments. Each performs the duties on top of his or her regular job.) The end result? “We wind up with each immediate supervisor having an ongoing ethics dialog with his or her direct reports. That way, we’re not sending out a message that there’s only one person in the entire company who’s capable of handling these issues,” explains Carol R. Marshall, vice president of ethics and business conduct at Lockheed Martin.

The company takes ethics seriously. It too provides a toll-free line for answering questions and dealing with issues. In a typical year, more than 4,000 calls stream in. But the backbone of the program remains the training sessions, which include discussions, video instruction and role-playing. Recently, Lockheed Martin introduced a full-fledged board game, complete with Dilbert (TM) characters, that presents ethical dilemmas and evokes group discussion. “The freer the communication and the more open and honest the environment, the fewer the problems,” Marshall insists.

Although Lockheed Martin administers the ethics program separately from HR, like TI it depends heavily on human resources to provide support for the underlying structure. And it’s not difficult to understand why. Approximately 37 percent of all ethics inquiries involve HR issues, and that means ethics officers must consult with HR and use the department’s expertise to interpret regulations, resolve disputes and consult on ways to reduce future problems. In some cases, HR is able to resolve specific ethics problems on the spot, something the company encourages, and thus avoids the time and expense of a full-scale inquiry.

Hartford, Connecticut-based United Technologies Corp. (UTC) has taken a slightly different approach. Since 1986, the $23.5 billion manufacturing conglomerate has offered a corporate ombudsman who’s responsible for resolving problems and mediating conflicts when they arise. Employees can call toll-free and speak confidentially to a trained representative or submit a written question or statement via the company’s Dialog program. The information is forwarded to the appropriate investigative department for further action and the ombudsman ensures that the person making the report receives a written response. “We’re not agents for management,” says George Wratney, who heads the ombudsman program. In the past 11 years, United Technologies has received more than 43,000 Dialog inquiries and tens of thousands of phone calls. Many of the inquiries have led to direct changes in management and business practices.

Although UTC won’t launch an investigation without cause (“Employees must document and support their complaints, and we don’t sanction wild personal attacks,” says Wratney), the company does take allegations of wrongdoing seriously. It guarantees that employees who submit a complaint won’t find themselves the target of any kind of recrimination. And it backs that up by communicating with an employee only through a home phone number or address and providing other measures to ensure confidentiality. All this has fostered an environment in which only 11 percent of inquiries and complaints are anonymous, and only 3 percent of them involve questions about business practices.

In fact, questioning of business practices isn’t the norm at most companies—although it certainly pops up from time to time. More often, workers struggle with their own ethical questions in relation to work-related issues. Nynex Corp. has found that nearly 50 percent of the calls that stream into its toll-free phone line deal with such issues as disagreements about how an employee can use one’s benefits and what recourse a worker has if he or she doesn’t concur with a job evaluation and can’t resolve the issue with a manager. Hardly the stuff international scandals are made of, says Hartman. Nevertheless, “It’s the day-to-day personal ethical issues that can sink a company,” she says.

Promote an ethics culture in your company.
Of course, developing a corporate culture that fosters ethical behavior is an enormous task, as HR personnel at the above companies can attest to. The problem, experts agree, is that no single approach or cookie-cutter program works for every company. Many experts argue that ethics is relative and sometimes situational, and recognizing that fact goes a long way toward finding solutions. “There’s something to be said for zero tolerance and the message it sends out,” says Hartman. “But managers better think through all the rules and regulations very carefully because they can easily come back to bite the company. It’s possible to wind up with a company that searches bags and snoops on voicemail and e-mail messages. That can raise an entirely separate set of ethical issues revolving around privacy and trust. It also can affect the way workers view the company.”

Hoffman believes it’s important to view ethics in the proper cultural context—particularly for companies doing business in other countries. An unofficial fee to unload boats in one part of the world might be labeled extortion in another. “You have to determine where it’s appropriate and ethically OK for different cultures to embrace different principles. But you have to maintain your own framework of ethical values and not deviate from them,” he remarks.

Although it might seem that human resources plays a tangential role in the ethics debate, KPMG’s Deck says that simply isn’t so. HR can help design programs, advise on strategy and consult on investigations. HR can play an ongoing role in educating and training workers about ethics, he states. And it doesn’t end with a 45-minute lecture and video. “The underlying values of the company need to be visible—and communicated—during the selection process, employment interviews, orientation [sessions] and performance reviews. Only then can a company create a culture that emphasizes ethics.”

Whether the focus on creating ethical cultures will result in fundamental change in Corporate America remains to be seen. Many, like Deck and Hoffman, believe ethics programs will drive behavioral change and organizational improvement over time. Already, federal sentencing guidelines, Conference Board-sponsored symposiums, the creation of an ethics officers’ association and greater awareness of the problem indicate that ethics is getting the attention it deserves, they say. “There always will be room for improvement and progress,” says Hoffman. “But we have come a long way in terms of knowledge and we’ll likely gain more ground in the future.

“A successful ethics program doesn’t come about as a result of pounding workers over the head and telling them they have to be ethical or else,” Hoffman concludes. It comes from understanding that business ethics involves individual and institutional values and that the two are inexorably intertwined. It also comes from recognizing that problems in the corporate world are often systemic and not the result of a few bad apples in the corporate barrel. A company that finds a way to change the system so people can be influenced to act ethically and responsibly is far more likely to succeed.

Although many companies have established ethics programs during the last decade, few have taken such a comprehensive approach as Lockheed Martin Corp. The Bethesda, Maryland-based defense giant has designed an ethics program that’s a model for the corporate world. It offers employee training, a hot line and a variety of written materials.

To begin with, Lockheed Martin distributes a booklet titled Our Values to every employee. It lists the company’s ethics standards and discusses why honesty, integrity and quality are crucial. The booklet also details important values and provides specific behavioral recommendations to readers. Another pamphlet, Ethics in Our Workplace, features detailed discussions on a wide array of topics, including ethics in cyberspace, conflicts of interest, cultural differences and excuses for misconduct. A separate newsletter, Corporate Legal Times, provides self-assessments and information. And a full-fledged board game called The Ethics Challenge offers a litany of ethics issues in an amusing way—featuring characters from Dilbert ™. Employees play the game during ethics training to spur discussion.

The company also spares no effort when it comes to actual training. Every year, all 200,000 employees attend an hour of live ethics awareness training. Instead of the company using consultants or professional instructors, employees’ direct supervisors direct the course—which includes role-playing and free-form Q&A. And that’s true from the chairman downward. The company also provides a three-inch thick binder that discusses the role of the company’s ethics officers and serves up realistic scenarios dealing with sexual harassment, interpersonal communication, and gifts, gratuities and other business courtesies. Finally, there’s a toll-free hot line that brings in more than 4,000 calls a year, and ethics officers are located at all 70 business units worldwide. Says Carol R. Marshall, vice president of ethics and business conduct: “The more people discuss ethics and think about it, the more likely they are to act responsibly.”

Human resources managers can minimize a relocating employee’s anxiety by providing useful resources. Such information not only empowers the employee but also gives HR professionals some relief in handling the complexities of a relocation. Below is a list of Web sites that can address issues such as housing, moving tips, schools and city demographics.

Allied Van Lines
Offers agent locator, relocation news, links to other relocation Web sites and global information.

Argonaut Relocation Services
Offers news, case studies, information and tips.

Atlas Van Lines
Provides an agent locator, an estimator, a newsstand, tips and other sites of interest.

Auto Driveaway
Provides information about customer benefits, such as corporate relocation, fleet and leasing services, and services for financial institutions. In addition, find information about vehicle delivery, liability insurance and licensing.

Bekins
Offers information about long distance and international moves, office relocations and local relocation services.

BR Anchor Publishing
Author Beverly Roman offers an online newsletter, resources and relocation tips.

Century 21 Professional Relocation
Offers relocation packages ($12.95 each) for hundreds of communities around the United States, focusing on shopping, taxes, schools, recreation, transportation and community profiles.

Coldwell Banker
Includes home-buying tips, school and community information, tips on financing a home and real estate listings.

Employee Relocation Council
Provides articles, news, original research, a calendar of upcoming events, a relocation career hotline and more.

Excite
Its City.Net travel service (select the “Travel” channel) features detailed city information for nearly 30 regions, including information about schools, government, parks and weather. It also offers a section devoted to relocation.

Graebel Van Lines
Features details about Graebel’s equipment cargo and move-planning services. Also offers a state-by-state location finder map.

Interstate Relocation Service
Provides information on the full range of relocation services it offers and an e-mail option for comments and questions.

Mayflower Transit
Offers information about the company’s moving services.

Pinnacle Online
Provides online information regarding Pinnacle’s history, services offered, corporate locations, online request forms, statistics, news, events, press releases, articles, frequently asked questions (FAQs), documents on industry issues, photos and much more.

PNC Mortgage
Provides information about program and product services and an extranet for its corporate clients with user IDs and passwords.

Prudential Resources Management
Provides global relocation information, tips for effective international communication and key factors in determining employee success abroad.

RE/MAX
The site offers an interactive search capability for the entire United States and is beginning to post listings worldwide. Also offers other information.

Relocation Journal and Real Estate News
Offers articles, news and information about relocation and expatriate issues.

Relocation Resources
Provides REALNET (community and housing information), brokers’ resources, list of services for corporations and outsourcing and mortgage information.

Rent Net On-Line Apartment Guide
Offers photographs, floor plans, maps and virtual walk-throughs of apartments in the United States and Canada.

Ryder Move Management
Provides electronic newsletter, information about international and domestic management, corporate truck rentals and policy counseling.

The Associates Relocation Management
Provides comprehensive relocation information about administration, homesales, distribution and mortgage assistance for corporations and agencies of the federal government.

United Van Lines
Provides company information, including news on corporate relocations and international moves.

Windham International
The expatriate and international relocation company offers information about cross-cultural issues, global awareness and other related areas. It features an article library on pertinent topics.

Yahoo!
The search engine offers city information for a dozen metropolitan areas. Enter keywords in the search field of the site.

Workforce, September 1997, Vol. 76, No. 9, p. 52.

Protecting employees who travel or live abroad is a challenge. But it represents only half the overall security issue. Increasingly, thieves target products, prototypes or intellectual property contained in a computer or briefcase. And some will go to any length to get the blueprints or marketing plan they want.

Laptop theft is on the rise.
According to Safeware Insurance Co., a Columbus, Ohio-based firm that specializes in insurance for PCs, one of every 14 notebook computers sold in the United States was reported stolen in 1995-a 30 percent increase over the previous year. Most thieves are looking to resell the system or the internal components that can fetch thousands of dollars. But data theft also has become more prevalent. Last year, NEC’s North America marketing plans disappeared from the company’s headquarters when 10 notebook computers were carted off by crooks.

Richard J. Heffernan, who heads a Branford, Connecticut, executive-protection company of the same name says, “There are certain companies whose laptops have been targeted, and anyone who can steal and deliver to an unethical competitor a computer with proprietary information will receive a substantial reward.”

Many foreign airports have become epicenters of crime, ranging from pickpocketing to luggage theft. And with unscrupulous competitors willing to pay huge bounties for the notebook computers of certain companies-as long as the intellectual property is intact-travelers must keep a close eye on their PCs, as well as briefcases.

One of the most common places for crooks to separate a traveler from a computer is at the X-ray machine and metal detector. When a traveler places the object on the conveyor belt for inspection, a thief grabs the computer on the other end before the individual can step through the security check. Another tactic is for an accomplice to block access to the metal detector to prevent the traveler from running after the thief. The Federal Aviation Administration recently began advising travelers to avoid placing a bag on the belt until they’re next in line to pass through the metal detector.

But airport security checks aren’t the only threat to notebook computers and briefcases full of valuable paperwork. Restaurants, public restrooms, gift shops, taxis, offices and other locations pose a serious threat. Occasionally, a brazen thief will even yank the PC away from the person carrying it.

Use these travel tactics.
Yet there are ways to reduce the risk. Arlington, Virginia-based Pinkerton’s managing director of Risk Assessment Services, Frank Johns, stresses the importance of carrying unmarked bags or fictitious labels while traveling. It’s also a good idea to always carry the PC or briefcase and never set it down in a trunk or on a cart. Heffernan recommends using data encryption so the contents of the hard drive will remain secret if the PC is stolen and even removing it from the notebook computer and carrying it in a separate bag or in a pocket. That way, if the bag is lost or stolen, the data-which can be worth hundreds of times the value of a computer-is retained.

A number of vendors also have developed security systems for those on the go. Kensington Microware of San Mateo, California, markets cables for notebook PCs. One end plugs into a socket in the side of the unit, while the other can be wrapped around something stable, such as a desk leg. Once the device is locked, it’s almost impossible to remove without the combination. Another company, Qualtec of Fremont, California, also sells an array of security devices, including locks. CompuTrace , a device that’s produced by a Los Angeles firm called Absolute Software, takes a different approach. Once stolen, a smart agent is activated and the computer dials a special number and notifies the company of the PCs exact location. It’s all done stealthily, and the agent continues dialing until it gets through. The software can even survive a disk reformatting and can circumvent Caller ID blocking.

Workforce, August 1997, Vol. 76, No. 8, p. 35.

One of the most contentious areas of genetic testing promises to center on insurance. Although some experts believe major health underwriters probably won’t alter their group medical coverage to any real degree, there’s no guarantee. In the 1970s, African-Americans with the sickle-cell trait were forced to pay more for insurance than their colleagues-who could’ve easily possessed genes contributing to a slew of other undetectable diseases.

“Insurance is a subject that scares a lot of people,” says Karen Rothenberg, director of the Law and Healthcare Program at the University of Maryland School of Law in Baltimore. Indeed, it ripples far beyond the world of HMOs and primary care physicians. If genetic testing becomes a widespread reality, employers that are self-insured might be tempted to drop employees who pose a financial burden.

And for insurers underwriting life and disability policies, it could significantly alter the dynamics of the marketplace. “No insurance company wants to issue a policy to a person who has a high risk of disease,” says Rebecca Locketz, legal director for the American Civil Liberties Union Workplace Rights Project in Princeton, New Jersey. Such a scenario could make certain types of insurance “unavailable or cost-prohibitive for certain people.”

Another nettlesome issue is how genetic information should be managed. Private insurers typically object to individuals having medical information and not sharing it. Thomas H. Murray, director of the Center for Biomedical Ethics at Case Western University in Cleveland, refers to this as “adverse selection.” Quite simply, it forces an insurance company to accept high-risk clients without charging a price reflective of the risk. Charging higher rates to those who are a good risk makes up the difference.

Nobody’s exactly sure how insurance companies should administer genetically based tests. One alternative is to allow the insurance industry to test individuals-something that could dissuade many from taking beneficial tests for fear of privacy and discrimination. Another tact would be to require those applying for insurance to reveal past genetic test results. A report published by New Brighton, Minnesota-based SmithKline Beecham Clinical Laboratories in 1995 found that no matter which direction things go, one enormous problem remains: “Most disorders result from an interaction between genetic predisposition and environmental factors, so there’s often no clear boundary between genetic and nongenetic conditions and tests.”

Finally, even if genetic testing were to result in an employee being able to seek therapy for a genetically disposed condition, there’s angst over the type of treatments available and how often a patient could seek therapy. Says Rothenberg: “There’s nothing stopping an employer from saying, ‘We’re not going to cover a particular benefit,’ or, ‘We’re going to have to cap a particular benefit.'” If you’re unfortunate enough to have a predisposition to breast cancer, your doctor might recommend a mammogram every year, but the insurance provider might insist on one every three years. That could have a huge impact, from both a medical and financial standpoint.

The only thing almost everyone can agree on is that the issue might ultimately be resolved by some form of an American universal health-care system. Richard Coorish, spokesman for the Washington, D.C.-based Health Insurance Association of America believes that screening for insurance purposes would be eliminated under universal health care. “The whole issue could become moot.” And that could finally pave the way to widespread genetic testing without the stigma.

Workforce, July 1997, Vol. 76, No. 7, p.42.

Just when it seemed safe to assume that the PC-based client/server system would rule the world forever, the idea of centralized computing has suddenly shown new life. However, this time nobody’s talking mainframes—they’re now eyeing Java-based network computers (NCs) or NetPCs running stripped down versions of Windows on Intel chips.

Both types of devices, available for approximately $1,000, require a powerful server to transfer applications and data to the NC or NetPC as needed—files and applications don’t reside on these stripped-down clients. Already, HR and information professionals are leaning toward a thin client model, in which the PCs at employees’ desks remain PCs but depend on a server for at least some of their functionality. Net-centric computing, therefore, seems like a logical next step.

According to a recent report issued by Bloor Research, a British technology consulting firm, network computer devices will outnumber PCs 2-to-1 in corporate offices within five years. In fact, most large users plan to adopt a net-centric architecture over the next three years.

“The distributed model of computing has proven to be a very poor and expensive foundation for the corporate computer network,” the Bloor report says. “The technology constraints that have inhibited the centralized model have largely disappeared or are disappearing.” The report also predicts that the wave of Java programming now beginning to appear will be unstoppable.

Reflecting this trend, shipments of network computers and of NetPCs are expected to mushroom from 1.7 million this year to 35.4 million in the year 2000, Bloor estimates. “The idea that the centralization of computing will ‘disempower’ the user is complete nonsense,” the report stated. “It will have the opposite effect—it will further empower the user by removing from him or her the onerous and unproductive task of having to manage a computer.”

There are still many who believe the PC model is here to stay. But if Bloor and proponents of the network-computing model are right, the HRMS paradigm is likely to be tilted in yet another direction.

Ensure adequate due diligence.
Understanding the inner workings of each company is essential. Not only can it ensure that the firms are in compliance with all laws and regulations, but also it can make the merger much less stressful.

Establish a well-developed rationale.
Although products, manufacturing ability or a sales force might get more attention—and actually serve as the underlying reason for the merger—the human side of the equation is a key element in the success or failure of a merger. It’s up to HR managers to get the necessary information in the right hands and communicate to senior executives—from a financial standpoint—how workforce issues enter the picture.

Understand the possible synergies.
A solid understanding of each company’s workforce and the culture that surrounds each can help HR staff develop policies and strategies that work best in the situation.

Meld the corporate cultures.
Mergers and acquisitions mean more than streamlining and standardizing benefits. It’s essential to use a variety of tools—including workshops, activities and new work teams and task forces—to coalesce cultures.

Set solid communication of goals.
A merger isn’t a time for employees to listen to speeches and view video updates every week. Senior executives and HR mangers must spend time discussing the changes and how they’ll impact the workforce. Honesty is essential. But the communication must go both ways. Venting sessions and forums during which employees can ask questions and get straight answers help alleviate much of the anxiety.

Move quickly during the transition.
One of the biggest mistakes HR professionals can make is to overanalyze and study every program or change that’s contemplated. It’s best to move fast and handle most tasks in days or weeks so that the company and new workforce can forge ahead and reengage in meaningful work.