Perspective: Why Politics in the Workplace is a Cybersecurity Risk

When I first started working, politics was intentionally kept out of the workplace, regardless of how strongly different people may have felt about their own political beliefs.n Business was business, and one’s personal beliefs were not particularly relevant to the tasks at hand. A person who performed their job duties well was valued for their contribution and was never asked about their own personal beliefs. It may be hard to believe these days, but people just didn’t talk about politics and/or political ideologies, and in my opinion, the workplace was better for it.

Fast forward to today. I often get frustrated looking for professional content on certain, supposedly professional, social media sites. The good content that I used to enjoy is all too often drowned out by political content. Sure, it is true that one can filter their feed on these sites, but my point is that we shouldn’t need to. It shouldn’t be so difficult to engage with other professionals in a professional manner on a professional forum. Social media isn’t alone in this regard, unfortunately.  In a similar vein, many professional forums (whether in-person or on-line) have become oversaturated with politics.

At this point, you may, rightfully, be asking yourself what my point is and what this has to do with security.  Regarding what my point is, I’d argue that politics in the workplace introduces risk. That introduction of risk, in turn, makes politics in the workplace a security issue.  How so?  Allow me to elaborate.

Decision Making: Making the right decisions on a consistent basis is definitely not easy. One thing is certain though – doing so requires basing decisions on accurate data and facts. When ideology and belief become a factor in decision making, it introduces the potential for serious risk. Decisions should be made in as objectively and scientifically a manner as possible.  No human process is ever 100 percent objective, of course, but there are steps organizations can take to mitigate the introduction of ideology and belief. The security team’s job is already hard enough before the introduction of business decisions made subjectively and unscientifically.

Divisiveness: According to Wikipedia, “the term divide and conquer in politics refers to an entity gaining and maintaining political power by using divisive measures.” Similarly, Britannica defines “divide and rule” as “a strategy of governing colonial societies by systematically separating social and cultural groups, partly because those groups may otherwise unite and overpower the colonizing power.” I think you get the idea.  It’s no secret that politics is divisive.  In security, success depends on a cohesive team working collaboratively together.  Politics can only harm this cohesiveness, and in doing so, can introduce significant risk into the business.

Exclusion: For all the talk of inclusion these days, we sometimes forget that we can exclude those that don’t share the prevailing political view if the business environment is full of politics.  Diversity of thought and diversity of opinion are both important parts of a successful team.  When we leave out those that see the world a bit differently than we might, we risk excluding valuable input that may benefit our team.  This is especially the case in security.  While we shouldn’t introduce politics to any work environment, we need to make sure that team members from all parts of the political spectrum feel comfortable.  After all, the way someone sees the world may very well give them a unique perspective to solve that difficult problem the team has been struggling with.

Groupthink: Wikipedia defines groupthink as “a psychological phenomenon that occurs within a group of people in which the desire for harmony or conformity in the group results in an irrational or dysfunctional decision-making outcome.”  In other words, people who have evidence that counters the prevailing narrative and/or way of thinking may be afraid to speak up, which may lead to disastrous consequences.  It is hard enough for security leaders to create environments where people feel comfortable raising issues that may be unpopular, may cause disagreement, and/or may go against conventional wisdom.  When politics is introduced, creating that type of environment is nearly impossible.  Yet it is precisely that type of environment that consistently produces the best results when it comes to security.

Limited Resources: If you’ve worked in the security field for a little while, you know that resources are often scarce.  Sure, we routinely hear about recruiting and retention issues.  But even if a security team is fully staffed with all the right people who have all the right training, resources are still stretched thin.  Given this, how can a security team afford to waste any cycles on matters of politics or ideology?  They can’t, of course, and the most successful security teams know that.

It may be difficult to hear this if you are under a certain age and/or haven’t experienced it live, but the workplace is better without politics. Everyone is entitled to their own political beliefs, of course, but those beliefs should be kept out of the workplace, professional forums, and professional social media sites. Besides reducing unpleasantness, this practice can make security teams more effective and more productive, and that is good news for the organization’s overall security posture.