Cyber Attacks & Municipalities: A Tale of Two Communities

“There are only two types of companies: Those that have been hacked, and those that will be.”, 

Robert Mueller, FBI Director, 2012

Executive Summary

In 2018, many municipalities in North America fell victim to cyber-attacks, and in particular ransomware. This study reviews two municipalities, Atlanta, Georgia, and Wasaga Beach, ON whom both were impacted as a result of a malicious attack on their networks.

Atlanta

Atlanta (pop. 486 000) was hit in March 2018 with a cyber-attack through ransomware. A ransom of $51 000USD was demanded but not paid. Over the next few days, critical systems and activities were taken offline as city staff struggled to regain access to systems. Impact included:

·       Public Wi-Fi disabled

·       30 mission critical applications disabled

·       8 000 employees were unable to access their email or networks for days

·       Citizens were unable to pay fines or parking tickets

·       Forms had to be completed by hand as systems restored

·       Many official documents were not recoverable

Final tally was close to $10 Million, including costs for additional contractors, system upgrades, new technology and computer replacement.

Wasaga Beach

Wasaga Beach (pop. 21 000) was hit in April 2018 with a similar type of ransomware attack. Initial demand for close to $150000 was reduced to  $35 000 and paid by the municipality. Despite this, the town was impacted for weeks even with recovery efforts. 

Impacts included:

  • Government data inaccessible for weeks
  • Systems had to be re-imaged and rebuilt
  • Payroll systems hampered

Final tally close to $252 000, including $50 000 for consulting,  $160 000 for lost productivity and overtime, system upgrades, new technology and computer replacement. Some costs carried into 2019 Budget Year.

How to be Prepared in Your Municipality

While Atlanta and Wasaga Beach are different sizes, they both suffered similar negative impacts due to a malicious attack, and having inadequate preparation for the type of attack that hit each separately.

Being prepared begins with a proper security risk assessment and review of the security practices and processes currently in place. Assessments should typically review such areas as:

  • Technology in place for security controls
  • Policies and standards related to Information Security
  • Training and awareness in place with staff
  • Incident Response plans
  • Disaster Recovery Plans 

Municipalities should also consider:

  • Training for IT staff on cybersecurity
  • Cyber Insurance
  • Testing and training of staff on cybersecurity issues
  • Use of third parties with cyber specialization to complement skillset of internal team.

Conclusion

Cyber Attacks can be indiscriminate and attack all levels of companies including municipalities large and small. However they can also target municipalities, due to limited IT budgets, strained technical resources and small if any dedicated security personnel.

Municipalities should take proactive measures to prepare for cyber-attacks and reduce the impact and likelihood of financial costs and loss of services.

“The effectiveness of one’s security program belongs to those who see the possibilities
before they become obvious.”, 
Michael Castro, 2018

RiskAware is a boutique Cybersecurity firm, specializing in Security Governance and Strategy, assisting organizations of all sizes with security and risk advisory services and security-on-demand capabilities.

RiskAware can be contacted at [email protected] or visited at www.riskaware.ca

 

Share

Cyber Security and Municipalities: Balancing Risk and Budget

Weak or nonexistent cybersecurity programs represent a massive organizational risk for municipal government agencies across North America, and of course Canada. Municipal leaders are often unaware of these risks because they assume that security is addressed or believe that a threat is minimized as a public sector organization.

In 2018, reports from three Ontario municipalities, one in BC and one in Quebec surfaced. All around ransomware, and all impacted adversely the operations and privacy of their records and impacting their constituents. Each also had a financially impact to the municipalities as each had to work to eradicate the malware, recover data or pay ransoms.

While ransomware attacks are often indiscriminate and are about disruption, other attacks are imminent that also hinge on weak security measures and experience. Theft of data from the public sector is valuable and should not be overlooked. Land deeds, mortgage information, birth and death records, SIN numbers and more, all constitute Personally Identifiable Information (PII) and all can equate to valuable dollars to those who can use them for further criminal activity.

Municipalities need to be looking at various areas to shore up cyber security for their offices and staff and help reduce the risk associated with these threats.Actions can include but not limited to:

-Developing a cyber security strategy to combat threats and understand security posture

-Implementing technology and security tools to handle threats as they emerge

-Awareness training for staff to help know when threats like phishing email are present

-Developing a information security policy for all staff to follow

Cyber threats is a multi billion dollar industry for cyber criminals. Municipalities are not immune to the threats that are present every day. Each municipal leadership team should look at their own areas and determine what steps are needed to be performed.

In the end it is not IF a cyber attack will affect them but rather WHEN and HOW impactful it will become.

 

Interested in an assessment or virtual CISO services? Feel free to drop a line

 

Michael Castro

Founder and Principal, RiskAware Group

[email protected]   www.riskaware.ca

 

 

 

Share

Blunders managers often encounter when attempting to resolve workplace disputes

In today’s workplace employee conflicts may and do happen. Sometimes they begin as simple matters which escalate into significant issues in the workplace causing lower performance and productivity resulting in lack of communication, misunderstanding of the intent, personality clashes or different perceptions and values.  

 

It is vital to deal with employee conflict, whether minor or significant, in a timely fashion to preserve a positive, healthy work environment and to evade any increase or collateral damage among work teams and others departments. 

 

We are finding that managers often do not respond accordingly to the issues of conflict in the workplace. In many cases, it is for lack of experience, fear of retaliation against them, insufficient training and lack of confidence. Sometimes they find it easier to avoid and ignore then tackle the sensitive issues.   

 

When issues are not dealt with quickly and efficiently in the workplace, they tend to fester and develop in magnitude. When an employer has contacted me, the situation usually has been growing underground, so to speak, for some months before it explodes in either the HR office or before the managers. Typically, at this point, the problem is more complicated, involves more staff and takes more effort and time to resolve. At times it may even undermine the staff’s confidence in the manager’s ability to manage. 

 

Some common behaviours of supervisors and managers which may have a negative impact on the managing of workplace disputes effectively would be ignoring the situation until it is about to “burst”.  

 

When managers disregard challenging situations, when they do come to the surface, they require immediate and urgent action usually at a very inconvenient time to resolve. Some managers tend to overlook an awkward situation altogether until the case is ready to blow up. Then they need to take immediate action to try to deal with it, and this almost always occurs at an inconvenient time, like on a Friday afternoon before a long weekend. Putting your management head in the sand will not make the problem go away, it will only make it worst. Taking action early in the workplace dispute development is usually the best solution, with the most excellent chance of success. 

 

Not dealing with a conflict that is escalating quickly, many managers found themselves frustrated and overwhelmed which could add fuel to the case, potentially affecting the decision-making process and the capability to contain and resolve the situation comprehensively.

 

Another mistake a manager may make is letting the office politics interfere with resolving the conflict. When office politics interfere with the steps of the solution, staff in the workplace goes camping. Taking sides of either the complainant or the respondent. The team that tries to remain neutral (sitting on the fence) only suffer the ongoing bickering of the two parties.

 

The way that employees perceive situations in the workplace are essential to resolving the conflicts in the actions to be taken. A biased move (recognized or not) on the managers part may result in more battles and create permanent barriers in the workplace.  

 

The objective of workplace dispute resolution in the first place is to come to an agreement or solution that is practical and realistic for all parties. So it may mean there is a requirement for conciliation to move forward to resolution by the manager.  

 

Taking a page out of Steven Covey’s “7 Habits of Highly Effective People” book and initially “seek to understand then be understood”.  

 

Sitting down with the employees, listening actively to what they are disturbed about, gathering all the information from both sides and only then attempting to craft a clear picture of what is going on, why and what the options might be regarding resolving or improving things for those caught up in the conflict.  

 

The bottom line is that disputes and conflict in the workplace are not stoppable. Anticipating how to approach these workplace situations beforehand, may put you in a position to be ready to take action when they occur.

 

Monika B. Jensen PhD
TEL: 905-683-9953

WEBSITE: www.aviarygroup.ca
PRINCIPAL
FAX: 905-683-9912

 

 

 

Share

Mental Health Problems and the Workplace

October is Mental Health Month. Recently there has been bigger mindfulness of the impact of mental health problems on individuals and the workplace. The economic impact is realized through direct treatment costs to the health care system as well as indirect costs, such as reduced or lost productivity due to absenteeism.

Mental health problems account for about half of employee absences due to illness each year in Canada for example, 3.5 days lost per employee per year are due to mental health problems. It is estimated that mental illness results in 35 million lost workdays each year in Canada.’

Employees living with mental health problems may feel and behave out of character at home and work. There may be feelings of things not quite right, yet they are unable to pinpoint the problem. Their co-workers, supervisors and family members may start to notice a change in mood and behaviour.

 

 Signs that indicate an employee or colleague may have a mental health problem are:

·      Regular late arrivals or often absent

·      Lack of teamwork or an over-all disinterest in working with co-workers

·      Lower output

·      Increased mishaps or safety problems

·      Numerous complaints of exhaustion or unexplained pains

·      Difficulty focusing, not being decisive or forgetting things

·      Making apologies for missed deadlines or poor work

·      Decreased attention or involvement in one’s work

·      Working excessive overtime over a prolonged period

·      Expressions of outlandish or grand ideas

·      Displays of irritation or pointing the finger at others

 

It is important to highlight that people behaving in these ways may be just having a bad day or week or dealing with a difficult situation in their personal life that may be temporary. A pattern that continues for a more extended period, however, may point to an underlying mental health problem.

 

Stress is a consistent part of life and work, and it can be positive or negative. Unwarranted hurtful stress through life events, including workplace issues, can contribute to mental health problems. Work itself can be expected to generate a certain level of stress associated with meeting deadlines and expectations, the need to feel valued and the loss of control over one’s time.

 

There are many causes of workplace stress. One key to effective stress management is maintaining awareness of the potential stressors and readiness to address them before they become problematic. Some of the most critical sources of work-related stress are listed below.

·    Poor communication

·    Incongruity in work demands, individual ability and amount of control over working practices

·    Work overload and work underload

·    Shift work and/or night work

·    Segregation, isolation and/or unstructured support for home workers

·    Short-term contracts

·    Role conflict, uncertainty and changing roles

·    The uneven weight assigned by management to consultation, support and control

·    Lack of training for managers in communication and people skills

·    Idleness

·    Uncomfortable physical workspace

·    Introduction of new technology, if not planned and gradual

·    The culture of presenteeism, in which an employee feels the need to be seen working at all times

·    Work-life imbalance

·    Home-based stresses that support or feed off of work-based stresses

 

Managing workplace stress can include training for employees to raise awareness about the causes and effects of stress, as well as to learn skills for coping with stress at work and in their personal lives.

 

Research has shown that some job stressors are worse than others, such as jobs that continuously involve imposed deadlines over an extended period and give individuals little control over the day-to-day organization of their work (high demand/low control). These jobs can lead to more than double the rate of heart and cardiovascular problems. As well as significantly higher rates of anxiety, depression and fell of being undermined. High demand/low control jobs also lead to substantially higher alcohol, prescription and over-the-counter drug use, and a significantly higher susceptibility to infectious diseases.’

 

Jobs that require high physical or mental effort but offer little in the way of compensation, status, financial gain or career enhancement (high effort/low reward) also affect employee stress levels. These jobs are associated with triple the rate of cardiovascular problems and significantly higher rates of depression, anxiety and conflict-related problems

 

The health of workers does not have to be compromised by stress. Changes to the workplace can make for a more mentally healthy workplace, especially when employees feel adequately rewarded and have greater control of their work.

 

Mental health problems can seriously affect someone’s ability to work. If left untreated and the mental health problem worsens, the employee may need to stop working altogether.

 

On the other hand, employees may try to continue to work knowing that they are not performing to their usual standards. If mental health problems are acknowledged early, and proper treatment is obtained, most people can quickly return to their regular performance at work, and much unhappiness and suffering can be avoided.

 

Monika B. Jensen Ph.D
TEL: 905-683-9953

WEBSITE: www.aviarygroup.ca
PRINCIPAL
FAX: 905-683-9912

 

 

Share

The answers municipal governments have been looking for?

Municipal governments are facing multiple, growing, and overlapping challenges. Yet, there are tools available to address these challenges that are not being used to their full potential. Market-based policies such as well-designed user fees can help reduce traffic, cut water use, and improve solid waste management, while generating revenue that can be used to fill financial gaps.

These challenges include:

  • Municipal infrastructure is aging and faces a growing investment gap;
  • Municipalities have limited ability to raise revenues. Only so much can be raised from property taxes. They also often face constraints on debt financing; and
  • To attract people and investment, livability is key: cities must provide job and recreational opportunities, ensure affordability, make it easy to move people and products, and protect clean air and water.

Continue reading

Share

Compliance and Preparedness

After Fernie: Ensuring Compliance and Preparedness

On August 29th WorkSafeBC released a 74-page report on their investigation into the tragic deaths of three men following an ammonia leak at an arena facility in Fernie last year.

According to the report: “Poor communication and inconsistent attention to internal auditing, inspections, incident investigation and emergency practice drills allowed for the development of hazardous workplace conditions.”

The report cites multiple Occupational Health and Safety Regulation failures by Fernie, as well as Workers Compensation Act failures by both the city and the service contractor. Fernie received the majority of the violations, including:

  • emergency response procedures that were inadequate or not followed—including failures to train workers and conduct drills
  • failure to perform hazard assessments and inspections of equipment to prevent unsafe working conditions
  • failure to develop and implement an exposure control plan for ammonia

You can read the full report here.

The Fernie deaths are all the more tragic because they were avoidable. Armed with the knowledge of what caused this incident, it is critical to ensure that a similar event does not happen in the future.

Unfortunately, in our professional capacity we have found that numerous ammonia facilities have inadequate emergency response procedures, infrequently reviewed or conducted emergency drills and a significant lack of exposure training and preparedness. In the majority of these cases, management falsely believed they were compliant because they had passed a technical standards inspection and had a document or two on file for emergency response. The Ontario Recreation Facilities Association (ORFA) conducted a webinar on March 29th, 2018 and reported findings consistent with our own: ammonia facility management that failed to keep emergency plans current and practiced, and a lack of competency for unattended refrigeration equipment operators—including being underprepared to deal with a significant ammonia leak.

This false sense of compliance and preparedness most often occurs because management either doesn’t know the right questions to ask, or isn’t sure what a good safety and emergency program should consist of. The situation is made worse when facility managers do not qualify or review service contractors’ programs or methods and/or rely on EMS or fire services to cover emergency protocols, which is not necessarily in accordance with legislative requirements.

Between 2015 and 2018 in North America there have been at least 23 incidents of ammonia releases, including 8 fatalities.

Anyone responsible for the safety of others around ammonia is strongly encouraged to seek professional assistance in the development of their programs and procedures. This begins with responding to the following questions:

  1. How have you fully ensured the safety of all workers and the public in your ammonia facilities?
  2. How are you ensuring that your service contractors have an ammonia program that is complete and compliant for emergency, maintenance and exposure control, and able to integrate with your facilities requirements?
  3. How thorough is your exposure control plan?
  4. How can you verify that your staff, contractors and operators are all competent in following the programs and procedures you have in place and are able to carry out an emergency response to a minor or major leak?

After the WorkSafeBC report on the Fernie incident, ignorance is not a valid excuse for noncompliance when it comes to ammonia safety. A lack of certainty or inability to thoroughly answer any of the above questions can indicate a significant risk to the occupants and users of your facility.

At Barantas, we have been building comprehensive and robust health and safety and emergency response programs since 2002. We go to great lengths to help ammonia facility managers, municipality directors and contractors appreciate what reasonable preparedness can look like.

A professionally performed audit is the only true confirmation of compliance and preparedness.  Let us work with you to ensure you are taking every reasonable precaution to protect those who rely on you to keep them safe while inside your facility. By booking a professional audit today you are taking the first step in preventing an incident tomorrow.

Barantas Inc. – Is a full service provider for all your health & safety needs.  See our profile

Share

Cyber threats and how to protect your municipality

Brad Pinch – Director of Municipal Needs at AccessE11

 

Often, when we hear about securing online systems against cyber-attacks the first thought is to invest time and energy into cybersecurity software. While this is important, and should not be downplayed, did you know that software alone will only defend against a small percentage of cyber-attacks?

Hacker Image

 

The easiest way for someone to breach your security infrastructure is to employ the unsuspecting assistance of your users.

According to PhishMe’s 2017 Enterprise Phishing Resiliency and Defense Report, 91% of all cyber-attacks are a result of people who fall prey to Phishing Attacks. Of the remaining 9% of cyber-attacks, more than 75% are the result of other forms of “human failure” to secure information.

Phishing is an attack that begins with a very targeted email sent to your staff (and perhaps yourself), that often impersonates a service provider, colleague, family member or friend and entices you to click on a link or open a document. This action may include a request for private information that provides the perpetrator with the means to launch a secondary cyber-attack or it may launch an attack directly through the download of malicious software. Attacks can be in the form of spyware, malware, and increasingly ransomware and data theft.

Wombats Security’s – State of the Phish 2018 report– suggests that phishing attack frequency from 2016 to 2017 increased by 48%; phishing is on the rise because it continues to work. Hackers have quickly learned that it requires less energy to trick users into giving them access than it does to circumnavigate the sophisticated security systems deployed today.

6 simple steps that a municipality can do to protect themselves

Here are a few steps a municipality can take to minimize its chances of security breaches and cyber attacks.

  1. Stay Informed and educate your team

Much of the battle against phishing and spear phishing (personalized phishing) attacks is getting users to understanding what this type of attack looks like, so they are less likely to be duped. Phishing relies on basic human conditions:

  1. information overload and shortcuts our brains take to process the information,
  2. a desire to help those we care for and trust of information that (seems to) come from them,
  3. curiosity for new information.

These traits are well known to attackers and are exploited in order to get victims to click on a link or open a document. Emails look like they’re from legitimate sources: Microsoft 365, Google, Dropbox, PayPal, Adobe account, LinkedIn, credit card company and many more.

There is a great infographic called don’t get hooked: how to recognize and avoid phishing attacks from the Digital Guardian. Print it out and post it for all to see.

  1. Keep your software up to date

Malware is being created all the time and is designed to take advantage of newly discovered vulnerabilities in our general use software. Vendors are quick to update their software, but you must update your version in order to be secure. You should regularly, or ideally automatically, update your software:

  1. Browsers (Chrome, Safari, Firefox, etc)
  2. Operating Systems (Windows, MacOS)
  3. Office Software (Outlook, Word, Adobe)
  1. Call before you click

Any email from a bank or colleague can usually be responded to directly, rather than via a reply or by clicking on a link. If there is ever any doubt, call your bank on the phone (using published numbers, not one in the email), or log directly into their website directly – not from the link in the email. By not taking the shortcut, fraudulent links can be avoided.

  1. Install anti-virus software and activate the Anti-Phishing toolbar if available

Antivirus software is designed to guard against known vulnerabilities. Even though today’s operating systems are more secure than ever, security tools look for malicious content in real time and provide an extra layer of scrutiny. And make sure you keep it updated as well.

Internet browsers can also be extended with anti-phishing toolbars. Such toolbars run quick checks on any site you visit and compare it a to lists of known phishing sites. If you stumble upon a malicious site, the toolbar will alert you about it. This is just one more layer of protection against phishing scams, and there are many that are completely free.

  1. Implement Secure Password Policies

As hard as it is to believe, the 10 most common passwords in 2017 were:

  • 123456, 123456789, qwerty, 12345678, 111111, 1234567890, 1234567, password123, 123123, 987654321

It won’t take a hacker long to break these codes.

Equally important though – do not use the same password for everything: If you do, and someone gets access to one system, they can often get access to them all. If you struggle to remember passwords (who doesn’t) there are many excellent tools that can assist:

These programs store an encrypted version of your passwords on your computer and conveniently provide them when you need them. This means remembering only one password.

  1. Beware the Unknown Storage Devices

It is possible the free USB drive that is received from a tradeshow, or the one you found in the parking lot has a virus on it. Sites that sell marketing USB drives unwittingly provide ones that have viruses installed from the source in China, Russia, India, Korea and other countries (yes including the UK, US, and Canada). These were likely never checked by the company who put their information on the drive to give to you.

If a data storage device is not bought by your company or municipality from a reputable source then it should not be allowed on one of your computers, ever!

These are only a few ideas to help better protect your organization from cyber-attacks. The common element in each remains the same; people and their behavior represent the greatest risk but also provide the best defense against cyber-attacks. Any user can open the door to intruders, so ensuring everyone understands the risk and remains vigilant is critical. Investment in the human factor will pay off quickly and be more cost-effective than any other action.

For More Interesting Articles on Issues that Municipalities are facing please visit us at https://www.accesse11.com

Share

Communicating and Listening Non-Judgmentally: Tools for Dealing with Mental Health Issues in the Workplace

I am finding as I train, coach and mediate that the issues in the workplace are becoming more complex. In recent events, some high profile individuals have come to the attention of the media as a result of their actions. We are finding mental health issues are more of a concern and the means to address them is less easy. In this article, I am attempting to share some tools you may want to engage in when speaking with your colleagues or employees.

Communication is not just saying words; it is creating correct understanding. Active listening is an essential skill in the communication process. Dr Marius Pickering from the University of Maine identifies four characteristics of empathetic listening.

Continue reading

Share

Implementation of an Enterprise-wide Common Street Address Database for the City of Hamilton

Problem

The City of Hamilton has many service delivery applications utilizing and storing resident addresses. For example, street addresses are solicited from the resident in a free form method and are never validated against a common address database.  Thus, the City has numerous instances of address databases that are not accurate or consistent, which are used on a daily basis to communicate to the residents. In many cases, these address databases are misused and often invalid addresses cause breakdown of communications.  This has led to embarrassment for the City, anger by the residents and in some cases legal action.

Challenge

The challenge is to establish a single authoritative address database which all service delivery applications can valid against.  Establishing which is most correct and then comparing others to get the best of breed is the greatest challenge.  Other challenges are the adoption of a single authoritative database, “clean up” existing databases and encourage application stewards to use the single authoritative database as truth.

Resolution

The City engaged a subject matter expert to help collect business requirements, design a solution and implement this solution. The technical solution consisted of a consolidated database model, application database cleanup, address maintenance tool, redlining tool for identifying address issues and a method to deliver addresses to other service delivery applications.

Also a sustainability model to ensure that addresses were maintained accurately and on a timely basis by identified stewards. The address model would ensure that new or updated addresses would be available to other service delivery applications.

Share

Strategies to Overcoming Unconscious Bias in the Workplace

Unconscious bias is hitting the news. From Bay Street to Main Street to Starbucks the impact of unspoken bias is real and harmful to the workplace. Bias stands in the way of making correct decisions in hiring and promoting. It also has a vital impact on your staff and the workplace in general. Let’s explore how we can become aware of our own bias and stop it in the workplace?

 

First, let’s define it. “Unconscious bias refers to a bias that we are unaware of, and which happens outside of our control. It is a bias that happens automatically and is triggered by our brain making quick judgments and assessments of people and situations, influenced by our background, cultural environment and personal experiences. (ECU: 2013 Unconscious bias in higher education) 

 

We all have a bias. The question is, do we identify it and then what do we do about it? In addressing one of the most crucial training issues facing the workplace today, unconscious bias, employers can assist in creating an inclusive, civil and respectful workplace. 

 

Research indicates that unconscious biases are prejudices we have, yet are uninformed of. They are “mental shortcuts based on social norms and stereotypes.” (Guynn, 2015). Biases can be based on skin colour, gender, age, height, weight, introversion versus extroversion, marital and parental status, disability status (for example, the use of a wheelchair or a cane), foreign accents, where someone went to college, and more (Wilkie, 2014). If you can name it, there is probably an unconscious bias for it.

 

Hence if we think we are unbiased, we may have unconscious adverse thoughts about people who are outside our own group. If we spend more time with people from other groups, we are less likely to feel prejudice against them.

 

This universal tendency toward unconscious bias exists because bias is rooted in our brain. Research shows that our brain has evolved to mentally put things together to make sense to us. The brain sorts all the information it is blasted with and labels that information with universal descriptions that it may rapidly access. When we categorize these labels as either good or bad, we tend to apply the rationale to the whole group. Many of the conclusions are taken from previous experiences and learnings.  

In an article, “The Real Effects of Unconscious Bias in the Workplace”, a few of the known unconscious biases that directly impact the workplace include:

  • Affinity bias is the tendency to warm up to people like ourselves.
  • Halo effect is the tendency to think everything about a person is good because you like that person.
  • Perception bias which is the inclination to form stereotypes and assumptions about specific groups that make it awkward to make an objective judgement about members of those groups. 
  • Confirmation bias is the openness for us to pursue evidence that sanctions our pre-existing beliefs or experiences. 
  • Group think is a bias which occurs when people attempt to fit into a specific crowd by mirroring others or holding back opinions and views. This results in individuals losing part of their characteristics and causes workplaces to miss out on originality and creativity.

Horace McCormick’s research found more than 150 identified unconscious biases, making the task of rooting them out and addressing them daunting. For many organizations, however, identifying as many as possible and eliminating them has become a high priority.  

 

You can address discrimination issues by increasing your awareness of your unconscious biases, and by developing strategies that make the most of the talents and abilities of your team members. 

Unconscious behaviour is not just individual; it influences organizational culture as well. This explains why so often our best attempts at creating corporate culture change with diversity efforts seem to fall frustratingly short; to not deliver on the promise they intended.

 

What you can do: 

  • Be aware consciously of your bias 
  • Focus more on the people, on their strengths
  • Increase Exposure to Biases
  • Make small changes 
  • Be pragmatic 
  • Challenge stereotypes and counter-stereotypical information 
  • Use context to explain a situation 
  • Change your perception and relationship with out-group members 
  • Be an active bystander 
  • Improve processes, policies & procedures  

Also, managers can play a crucial role in unearthing these hidden biases by declaring their intentions to be non-biased. They can also provide transparent performance appraisals that emphasis on the employee’s exceptional abilities and skills, and grow a stronger mindfulness of their own unconscious principles.

 

Share