« All Blogs

Two ADP employees having a casual conversation

Does culture really eat strategy for breakfast?

Yes, Culture DOES Eat Strategy for Breakfast

Jude Murphy

Jude Murphy

Nov 6, 2019 · 3 min read

« All Blogs

Group of people dressed in rainbow colors in front of a Pride sign

“Better to Best” — ADP’s Diversity and Inclusion Road Map

The best organizations embody an inclusive culture that extends beyond the D&I function. Their leaders drive performance and innovation by demonstrating to their employees and to the world that people belong and are integral to the organization’s purpose.

For many organizations the question, “Why is diversity important in the workplace?” is a top-of-mind concern. Companies that struggle to answer this question may find it difficult to accomplish business objectives that focus on recruiting and retaining employees.

A lack of diversity and inclusion (D&I) can have significant negative effects on an organization and its workforce. This can manifest in the form of pay inequity, limited representation in leadership roles, or a perception in the market that the organization is an undesirable place to work.

While some businesses struggle with addressing D&I-related challenges, others are making great strides in this area. To reach the level of best in class for D&I, an organization needs to leverage a variety of methodologies, partnerships and strategic insights to demonstrate why diversity is important in their workplace.

At ADP, we aim high when it comes to diversity and inclusion. Here’s how we turn “better” into “best” when it comes to accomplishing our D&I objectives.

Diversity and Inclusion in Action

To be clear, there is no one-size-fits-all approach to creating, let alone sustaining, a diverse and inclusive organization. And the challenge only becomes greater the larger a business is. A Chief Diversity Officer (CDO) in charge of D&I efforts should therefore consider the following key points:

Buy-in from senior leadership: Ideally, everyone within an organization would understand, believe in, and value the impact of D&I on the business. This has been the case at ADP, where our CEO, Carlos Rodriguez, signed the CEO Action for Diversity and Inclusion Pledge to demonstrate that D&I is of utmost importance to the organization. It also helps that a C-suite-level role focused on diversity had already existed at ADP for a number of years prior to my own onboarding. Crucial buy-in from ADP leadership has helped our organization become recognized as an industry D&I leader, ranked at number three on DiversityInc’s 2019 Top 50 List.
This isn’t the reality at every organization, however. Getting buy-in from senior leadership starts with providing a vision that they can see, understand and get behind. It may be helpful to illustrate how D&I initiatives could alleviate organizational pain points, such as high turnover for women in leadership roles. Or low engagement/organizational sentiment scores for underrepresented demographic groups. Senior leadership should hold their teams accountable for working to achieve positive HCM metrics that are enabled by D&I goals.

Using data to inform efforts: Data should be used to make decisions that may affect the health of an organization, and issues of D&I are no exception. Some types of data which organizations should focus on in this regard include:
Hiring and promotion statistics for women, people of color, veterans, LGBTQ employees and employees with disabilities
Retention rates by demographic to assess disparities between majority and non-majority groups
Engagement level scores and results from culture surveys reviewed by demographic and geography
Employee demographic data, with a focus on reviewing the differential between majority and non-majority populations
Having champions throughout the organization: Even within organizations that have a person or a department focused on diversity and inclusion, there’s no way their work can reach the entire organization without active support from other stakeholders. Champions can help expand the reach of D&I in a variety of ways. At ADP, I engage with about 30 global champions on a monthly basis. Their objectives are to influence others and share best practices, serve as role models and mentors, and help hold others accountable. When champions are also members of a majority group (e.g., white men) and are genuinely invested in workplace equality, it helps amplify the organization’s D&I efforts considerably.
The “Why” of Diversity and Inclusion

Numerous studies have demonstrated that workforces with greater diversity have the potential to be more profitable, innovative and resistant to disruptive market forces than less diverse workforces. For example, according to McKinsey and Company’s Delivering Through Diversity report, “Companies in the top-quartile for ethnic/cultural diversity on executive teams were 33% more likely to have industry-leading profitability.”

Individuals looking to do business with a company are now examining that organization’s higher purpose with greater scrutiny than ever before. Beyond earnings, people will seek answers to their questions about D&I at your organization, and they might make their decision about whether to deal with or join your organization based on your D&I efforts and reputation — as well as your initiatives around Corporate Social Responsibility (CSR) and philanthropy. Every organization must care about the perception of its brand in the marketplace, and it pays to be known as a business that cares deeply about creating and maintaining a culture of inclusion.

Organizations must also understand and evolve with approaches to communication that individuals concerned with D&I expect to see. For example, when an organization leader expresses their gender pronouns (e.g., during introductions at meetings or in company email signatures), it can send a signal that a company cares about the LGBTQ population — not just internally, but also in the community at large.

Going From “Better to Best”

The best organizations embody an inclusive culture that extends beyond the D&I function. Their leaders drive performance and innovation by demonstrating to their employees and to the world that people belong and are integral to the organization’s purpose.

With the support of leadership, data and metrics, and champions around the world, ADP has moved beyond measuring itself against industry practices and standards alone. Our focus now is to embody diversity and inclusion in our culture.

« All Blogs

Close up of woman smiling

2020 Vision: Data Security Trends for the New Decade

There are four major trends to consider for your data security planning as the new decade begins.

Cyberattacks aren’t slowing down. In fact, both the number and the cost of attacks are increasing as the new decade dawns.

To combat these current and emerging threats, it’s worth looking back on the last 10 years. What technological advancements sparked the need for improved information security (infosec)? What’s next for attackers as defenses become more sophisticated? And which data security trends offer actionable “2020 insight”?

Retrospective Risk

According to Kim Albarella, Senior Director of Security Advocacy for ADP, significant cybersecurity shifts came about in the wake of events like Y2K and 9/11. “Companies started to get nervous that systems wouldn’t function properly,” she says.

Ten years ago, server and mainframe protection were top priorities. “While there were Blackberries, not everyone had one. iPads were just breaking out. Mobile was remote, but not widespread,” Albarella says. “Infosec was just starting with firewall protection, server protection and physical protection of data centers.”

But existing server protections began to fail. From whistleblowers to commercial breaches to widespread development of ransomware tools, changing conditions made data the battleground of enterprise IT. Attackers were always one step ahead and always finding new ways to enter systems. Businesses deployed intelligent, adaptable tools capable of detecting malicious resource use and network access, and in response, malicious actors leveraged fileless malware. Users moved to mobile, and cybercriminals followed with SMS threats and fake applications. At scale, organizations moved to the cloud, using increased resource availability to boost total security and enhanced connectivity to drive mobile adoption.

Now, experts predict greater personalization of attacks as protected data is leveraged to modify user behavior. More blunt-force breaches are likely as well, as hackers are now seeking simple routes through the increasingly complex Internet of Things (IoT) and other perpetually connected systems.

The last decade made it clear that change drives IT’s advantages and adversaries. With the benefit of “2020 vision,” we can observe four consistent data security trends from these years and move into the future of IT innovation with an informed perspective.

1. Handling the Human Factor

Human error remains the leading cause of data breaches, reports Kaspersky Lab. As Albarella points out, “We’re social computers, easily hacked.” Psychology matters as much as physical or digital data defenses, and if hackers can tap into our knowledge of critical network services, corporate email lists or personnel files, all it takes is “one trick, one click” for hackers to compromise key systems.

Ten years ago, this often took the form of easily identifiable scam emails offering large sums of money to unsuspecting staff members in exchange for seemingly innocuous information. Today, many of these messages are seemingly sent from the C-suite; as Albarella notes, “It’s going to get much worse with deep fake videos that are nearly perfect.”

But it’s not all bad news. Humans can act as both protectors and points of compromise. Albarella recommends investing in regular online and on-site training to help staff recognize potential threats and respond accordingly.

2. Getting Back to Basics

In the decade of databases, patching was priority No. 1. By applying patches to all connected systems, organizations could deliver security at scale to combat potential attacks. Today, the rise of remote workers and third-party providers means there’s no way to ensure all endpoints are equally well-defended, which creates a golden opportunity for hackers.

Here, Albarella recommends getting back to basics. “Don’t focus on what you can’t control or the most remote scenarios. Focus on the doing the rights things with the most impact today,” she says. But what does that look like in practice?

Patch everything — You may not get to every desktop and device, but the broader your updates are, the better your defenses stand to be.
Deploy the right tools — These should include advanced firewalls that can handle both cloud and local traffic and respond automatically to suspicious events.
Implement multi-factor authentication (MFA) — With mobile devices now being an essential part of business operations, MFA can frustrate front-line attackers without negatively affecting staff productivity.
3. Jumping the Generation Gap

Social media has become a driving force for business success. Albarella sees the “social paring of all functions creating another attack surface.” From Facebook to Twitter to LinkedIn to purpose-built, in-house social networks, “Employers must integrate social media — just like the cloud or big data — but they need to defend it.”

This requires policies and procedures capable of jumping the generational gap. While older employees may not understand how to use new tools like TikTok or Instagram, younger staff may not recognize their inherent risks. With social sites now being mined for data by attackers, organizations can’t overlook the need for clear directives and detailed best practices.

For example, it’s worth describing exactly what is permissible both on and off the clock. From posting on corporate accounts to sharing files for collaboration, be clear about your guidelines and the specific consequences for failing to comply with social policies in order to defuse potential attacks before they begin.

4. Developing a Disaster Plan

Finally, Albarella points to the need for resiliency plans that answer key questions, including, “Where’s my data? Who can access it? When? How?” Since pressing cybersecurity concerns are cropping up in real time, organizations need disaster recovery plans that can address the impact of attacks at scale but also focus on specific outcomes, such as recovery time objectives that get local resources back up and running.

Bonus Round: Small Businesses

Big corporate breaches regularly make the news; smaller businesses are often ignored. But as Albarella notes, the majority of cyberattacks are aimed at small businesses. SMBs need procedures in place to notify both staff and compliance agencies of any potential breaches, and they must account for the disparate nature of their networks: How do they secure remote workers? Public Wi-Fi connections? Portable hardware and Google docs?

While the same four data security trends apply, the best-case scenario for small businesses often lies with outsourcing: Finding trusted third parties to improve data defense without breaking budgets.

The last decade saw technology — and attack vectors — advance at breakneck speeds. While the next 10 years will naturally offer their own unique challenges, the trends outlined here will remain foundational elements of 2020 infosec success.