Conventional wisdom (and the politically correct CEO) says that people are our most valued asset. Unlike inventories, property, plant and equipment, though, people walk out of our workplace at the end of each day. In addition, our best people are actively recruited by our competitors (think how frequently, not if your top talent is being actively recruited). How can we protect our investment in our people? Should we treat all our employees in the same manner, or should our most talented contributors receive special treatment? Is this an HR-only issue?

If you are unsure how to think about these questions, I recommend taking an approach that I learned from an IT Security Risk Analyst. Not long ago I attended a Financial Executives International (FEI) meeting where one of the speakers was Richard Clarke, CEO of Good Harbor Security Risk Management. Mr. Clarke is a renowned consultant and speaker who was part of a team of advisors to President Obama regarding the NSA data breach.

In his presentation, Mr. Clarke discussed the NSA breach as well as Target Corporation’s stolen credit card information breach. He described the events that led to the data breaches, and prescribed an approach and methodology that can help us avoid the same fate. Here are the basic steps he suggested:

1. Identify your “Crown Jewels”
2. Determine your Worst Case Scenario
3. Develop a Breach Plan
4. Create a Long Term Protection Plan

For data protection purposes, the four steps focused on the most sensitive and important data of an organization. From a talent perspective, the four steps apply to top talent.

Bill Gates used to say that there were a handful of people at Microsoft who “made” the company, and if they left there would be no Microsoft. Step one, identify your Crown Jewels, is all about identifying those people who are essential to your continued success. Who are these people in your company?

The next step is the scariest. In his presentation to the FEI, Richard Clarke said he watched the Congressional hearing where Target’s CEO was asked to explain what happened and how their data breach occurred. The chagrined CEO told Congress that he never imagined the breach would take place. This step is about doing just that – imagine what will happen if your top talent leaves, or worse, goes into competition and takes your best people and customers.

As frightening as the worst case scenario can be, developing a breach plan can help you get back to sleep at night. This step is all about damage control following data breaches. For a talent plan, though, it is more about what we can do to try to keep our talent, as well as planning for how to replace them if they do leave. A combination of engagement, recognition and rewards to retain, and cross training and succession planning to replace may be in order.

Step four, the long range plan, is the comprehensive talent management strategy you have in place to identify, attract, hire, develop and retain your top talent. Does your company have a comprehensive talent strategy? If so, is it working – do you have the talent in place and in the pipeline to help you reach your strategic goals? If the answer to these questions is anything but a resounding YES, then what is stopping you? Time, focus, budget?

Richard Clarke pointed out that the Target data breach was estimated to cost the company over $3 billion in lost revenues, recovery expenses and lawsuit settlements. Yet, prior to the breach, he believes it is likely that the company (most companies) would have scoffed at the idea of investing, say, $100M to upgrade their IT security protocols in order to prevent such a breach. If only they could go back in time to make that decision.


For help protecting your most valued asset, please contact us.

Originally published on February 24, 2014


Please follow and like us:

Enjoy this blog? Please spread the word :)