[Global] After IT outage Microsoft will link employee rewards to prioritising security

In the wake of July’s global IT outage, Microsoft has made security central to its performance management, Startups reports.

According to an internal memo - first reported by The Verge - Microsoft’s chief people officer Kathleen Hogan told employees, “Delivering impact for the Security Core Priority will be a key input for managers in determining impact and recommending rewards”.

A flawed update by third-party cybersecurity firm CrowdStrike disrupted Microsoft systems worldwide in mid-July. A fortnight later, the software giant was hit by a cyberattack that led to its systems shutting down for eight hours.

Linking employee rewards with security is seemingly a way for the tech giant to alert its workforce that the responsibility for future security breaches will be laid at their feet.

The memo - printed in full by The Verge - informs team members that security is now a “Core Priority” for Microsoft. “When faced with a tradeoff, the answer is clear and simple: security above all else,” Ms Hogan states.

The HR change, combined with DEI, means every employee at Microsoft will now be judged on their contribution to this priority in their appraisals.

Ms Hogan said this “is a way for every employee and manager to commit to - and be accountable for - prioritising security, and a way for us to codify your contributions.”

Under the new policy, if a worker is found not to have prioritised security during their annual or monthly performance reviews (called “Connect” meetings at Microsoft) they could reportedly be ineligible for promotions, merit-based salary increases, and bonuses.

Ms Hogan states that employees will need to provide evidence of their commitment to security themselves, by recording any progress made in the internal Connect tool.

Source: Startups

(Link and quotes via original reporting)

In the wake of July’s global IT outage, Microsoft has made security central to its performance management, Startups reports.

According to an internal memo - first reported by The Verge - Microsoft’s chief people officer Kathleen Hogan told employees, “Delivering impact for the Security Core Priority will be a key input for managers in determining impact and recommending rewards”.

A flawed update by third-party cybersecurity firm CrowdStrike disrupted Microsoft systems worldwide in mid-July. A fortnight later, the software giant was hit by a cyberattack that led to its systems shutting down for eight hours.

Linking employee rewards with security is seemingly a way for the tech giant to alert its workforce that the responsibility for future security breaches will be laid at their feet.

The memo - printed in full by The Verge - informs team members that security is now a “Core Priority” for Microsoft. “When faced with a tradeoff, the answer is clear and simple: security above all else,” Ms Hogan states.

The HR change, combined with DEI, means every employee at Microsoft will now be judged on their contribution to this priority in their appraisals.

Ms Hogan said this “is a way for every employee and manager to commit to - and be accountable for - prioritising security, and a way for us to codify your contributions.”

Under the new policy, if a worker is found not to have prioritised security during their annual or monthly performance reviews (called “Connect” meetings at Microsoft) they could reportedly be ineligible for promotions, merit-based salary increases, and bonuses.

Ms Hogan states that employees will need to provide evidence of their commitment to security themselves, by recording any progress made in the internal Connect tool.

Source: Startups

(Link and quotes via original reporting)