The “return to normalcy” and a new trend in cultivating malicious insider threats

The “return to normalcy” and a new trend in cultivating malicious insider threats

Lots of American organisations are considering their return to pre-pandemic norms this summer. This entails bringing their workers back in to the office. I predict that this move presents an interesting twist on creating new insider threats where none need exist. To support my argument, let’s check in with my mate Eduardo and his experience returning to the office back in May.

For reference, Eduardo is a junior director. Up until recently, he was a department head with a hundred or so people working for him. Eduardo is currently between assignments while he waits to see if he’ll get to run a different department; in the meantime, he’s been given several “special projects” to keep him out of trouble. This allows him considerable freedom to wander the campus and chat with his colleagues.

Last week, Eduardo called to relate how his first day back in the office went following Texas’s Governor’s decree that no county, state, or city could mandate mask wear. Eduardo told me that he stopped by the offices of three senior directors to check in, and all three visits left him … disturbed. Every time, Eduardo said, the senior director greeted him effusively. The first thing they each told him, Eduardo said, was that he could “take off his mask.”

Mind you, Eduardo is fully vaccinated. If the newest guidance from the Centers for Disease Control can be taken as gospel, it should be safe for Eduardo to un-mask around other vaccinated people (and only them). Naturally, the first thing Eduardo asked his host was whether or not the senior director had “gotten his jabs” yet. Eduardo wasn’t surprised when two of the three senior directors he visited said that they weren’t, while the third was noncommittal. He left his mask on.

Eduardo has been with the company for over 20 years and holds enough rank that he’s immune from the pettiest forms of political retaliation … Unlike 90% of the workers who don’t dare disobey a cranky senior director.

In all three visits this upset his hosts. Eduardo told me how they each tried to convince him to un-mask before they would talk business. One senior director scoffed, saying that “masks don’t work because viruses aren’t real.” The second senior director acted personally insulted, as if refusing to un-mask in his presence was a deliberate insult. The third, though … hoo boy. The third senior director bragged how even though mask wear had been mandatory company policy for a year, he had ordered his workers to ignore the mask mandate at all times while in his building.

Now, Eduardo had passed eighth grade biology so he knew that these older, senior men were all talking dangerous nonsense. Nonetheless, they outranked him and hold political influence that could negatively impact his career if he upset them. In each encounter, Eduardo gently redirected the topic of conversation rather than risk an argument. He knew from prior experience that these three senior leaders wouldn’t listen to reason; they never had before the pandemic. They were all likely lash out if challenged their beliefs or decisions in the slightest.

Eduardo is a serious, thoughtful fellow. Even though he wasn’t required to keep wearing a mask under Texas rules, he chose to for three practical reasons. First, he’s not completely convinced that a full vaccinated person can’t be re-infected. Eduardo reads the medial news every morning because he takes the plague seriously and doesn’t want to get himself, his family members, or literally anyone else infected. In truth, he’s more concerned about infecting others than he is in getting sick himself. Eduardo is good team player.

Second, Eduardo leads by example. He knows that two-thirds of Texans are still unvaccinated, which compels everyone to maintain pandemic safety measures until further notice. He wants to demonstrate that basic safety protocols are easy to follow and aren’t a major inconvenience.

Eduardo used to wear a head-to-toe chemical warfare battle suit in the military. With 50 kilos of armour and belt kit. By comparison, most pandemic safety measures are trivially easy.

Lastly, Eduardo has talked with several employees who have sound reasons why they can’t be vaccinated yet, which leaves them still vulnerable to infection. For such people, mask wear isn’t a choice – it’s a necessity. Eduardo told me that he intends to maintain a safe environment where people who can’t un-mask yet aren’t pressured to do so by an ignorant co-worker.

That last one seems like the most important factor of the three. In defence of Eduardo’s logic, I know several people who simply don’t want to un-mask in public yet. Some have other medical conditions that a mask will help protect them against, while others have been scarred by the losses they’ve endured. They’re not comfortable un-masking yet. The prospect of having a senior person bully them into doing something they’re not comfortable with greatly disturbs them.

This isn’t new. We’ve all met sexist, domineering jack-wagons that berate, cajole, and bully their subordinates into acting differently from how they prefer to. The 1970s “Show us your gams, sweetheart” sexual harassment norm evolved into the 2010’s “Ditch the hijab” religious harassment norm but it’s all the same garbage: a person with power uses that power inappropriately to compel someone vulnerable into acting against their own desires. Nowadays, it’s being used to pressure people into un-masking when they can’t, shouldn’t, or just don’t want to. It has nothing to do with efficacy, operational effectiveness, or anything rational; it’s just the application of power for its own sake to remind the victim and all who witness the interaction that the person holding power can use it capriciously and that obedience to the leader’s slightest whims is a mandatory condition of employment.

This is, I think, the new trend in cultivating malicious insider threats: disputes over health and safety protocols regarding COVID-19 and the so-called “return to normalcy.” As people trickle back in, those office cowboys who are predisposed to create unnecessary friction for their own entertainment and ego-gratification will use pandemic protocols – rules like mask wear, one-way traffic patterns, maximum elevator occupancy, etc. – as excuses to exert their power over others. They’ll demand non-compliance with CDC, state, or even company requirements as proof of personal loyalty just as they did pre-pandemic with everything from dress codes to acceptable language to after-work booze-ups. It’s all power applied for its own sake.

The critical difference between the pre-pandemic arbitrary application of power and this summer’s new twist is that this time the convenient excuse for a do-as-I-say-not-as-the-rules-say fight involve much higher stakes. Getting pressured into having a beer at lunch because your boss demanded it might risk an HR reprimand, whereas getting pressured into dropping personal protective measures during a pandemic might get you infected, leading to you and/or your loved ones getting killed. That’s a whole new ball game – one that most office cowboys have never played in before.

One of the core behaviours that defines an office cowboy is their inability to accept that rules assigned to everyone apply to them as well. In their minds, they’re special – exempt from constraints that rightfully shackle “lesser beings.” As such, they often have a dangerously stunted ability to perceive and prioritize risk.

I suspect that HR departments all around the country aren’t ready for this. I’ve been reading articles in the business press where corporate spokespeople have tried to assure us that “we take employee health and safety very seriously.” Personally, I don’t buy it. Normal American corporate management techniques are wholly inadequate under emergency conditions. Imagine if Eduardo reported one of his senior directors for pressuring him into removing his PPE. What consequences would the offender face? A phone call? A sternly worded email? Maybe a tasking to re-take the pandemic safety CBT?

Here’s the thing: office cowboys aren’t ignorant of the rules they’re violating. They’re fully aware of them. In fact, they deliberately violate those rules specifically to prove that they’re exempt from them. It’s performance art. Which is … fine … for most companies when the stakes are low. Sure, Eduardo got upset and might be more inclined to quit if he’s forced to listen to his senior director’s sexist jokes. Most companies will tolerate that so long as the profits keep rolling in. But what about a deliberate rule violation that gets someone sick, injured, or (god forbid) killed?

The workers know it, too. The rational ones, anyway, are fully tuned in to the elevated risk. This isn’t “minor harassment” anymore, it’s a direct threat against their lives and the lives of their families. How do you think they’re going to react? With heightened fear? Perhaps aggression? Revenge? Maybe even violence? After all, “self-defence” is often a completely acceptable excuse for abhorrent behaviour in America.

This is a terrible situation, but it’s one that can be pre-empted through deliberate and wilful enforcement of company policy. I know Eduardo’s company; they’ve always been reluctant to rein in their senior leaders. Now’s the time, I argue. To bring the hammer down. If there was ever a “right time” for zero tolerance policies towards deliberate failure to enforce safety standards, now’s that time … anyone refusing to follow pandemic protocols gets the boot. No worker’s life must be put in jeopardy because of some office cowboy’s ‘I-do-what-I-want’ stunts.

The alternative is potentially too gruesome to contemplate. That’s why my mate Eduardo finally relented and took my advice about finding a job with some other company. At least he can … most of the people he works with don’t have that option.

Copyright Lyonsdown Limited 2021

Top Articles

Australian energy giant CS Energy suffers a ransomware attack

Australian energy company CS Energy suffered a ransomware attack on November 27 that targeted its corporate network.

Misconfiguration of a management user interface (UI) tool leads to exposure of mission-critical data

Kafdrop, a popular open-source Apache Kafka user and management interface had configuration flaws that provided criminals with access to event-streaming platform Apache Kafka used by more than 60 per cent…

ICO serves £500,000 fine to the Cabinet Office for New Year Honours data breach

The ICO has fined the Cabinet Office £500,000 for failing to prevent the leak of postal addresses of over 1,000 people who were among the 2020 New Year Honours recipients.

Related Articles

[s2Member-Login login_redirect=”” /]