by Francis Otieno | Jun 26, 2023 | HCM
We all know how it goes.. its the end of the year and the company needs to evaluate staff for possible salary increase or reviews for performance improvement plans. Even though, seasoned human resource experts opine that, to achieve effective performance appraisal, organisational goals ought to be clearly defined and understood by the entire workforce. Staff members can then define personal goals that align to the organisation’s end result. This creates a sense of involvement in the workplace, where expectations from staff are clear and there is enough room for personal development.
To build a cohesive workplace where the team members understand the strengths and weaknesses of each member and work towards a common organisation-wide goal, the stream of feedback needs to be uninterrupted. During this time, reporting managers are stressed trying to walk the tight rope, and not to upset the applecart. At the same time, they must differentiate rewards based on individual performance and risk dissatisfying some members of their team, while faced with a limited budget within which everyone’s expectations are to be accommodated.
Given this backdrop, is this a desirable exercise, if at all? Nonetheless, we need to acknowledge meritocracy, promote competition and reward excellence. There must be a better way of reviewing performance and rewarding merit based on accountability. For all its worth, performance appraisal ought not be a one-time annual season of intensive exercise wrongly conceived for ‘assessment interview’ where staff work endlessly trying to dress up the bride while operations almost grind to a halt.
Thankfully, Baraza HCM, Performance Management is one such tool that can facilitate personalisation and flow of activities right from defining key performance indicators (KPIs), competencies, and setting targets against the KPIs for the assessment of performance. In addition, it is very easy to report performance on an ongoing basis based on the frequency defined for individual staff KPIs, such as weekly, monthly, quarterly, bi-annually or annually. The reporting manager can give feedback with the same frequency in a sequentially rolling basis for each individual staff.
Unlike the olden days of annual performance appraisal, the new agile method allows for personalised periodic sprints. Spot awards can be given to staff for outstanding performance at any periodicity. Baraza HCM, Performance Management can rank performances and send automated triggers to staff sharing scorecards periodically. With this agility, appraisals do not have to happen at the same time for the organisation as a whole, which often builds an environment of heightened toxicity, gossip, and speculations. Rather, appraisals can happen on an ongoing basis anchored on the periodicity of the KPIs. Besides, all staff must not be appraised at the same time and season across the organisation.
With this level of automation, Human Resources team members have more time to facilitate developmental conversations between the employees and the management on topical issues including career plans, potential and future growth opportunities, a critical investment for an organisation to strengthen its ability to face uncertainties and continually transform.
The key to the success of this agile appraisal tool lies in the ability to define periods, KPIs, set targets, review when needed and drive personalised staff appraisals regularly.”
by Musa Hassan | Jun 12, 2023 | Cyber Security, Headline
In the current online era, a number of us have been involved in a data breach. Data breaches are security incidents we now hear about every day. They strike every industry, every sector, and every country. Victims might be individuals, small, independent businesses, non-profits, or large companies. While avoiding attacks is the goal, there is no such thing as perfect security. How you respond in a crisis helps determine the future of your organisation, often cyberattack victims do not know what to do next.
With that in mind, let’s look at some best practices to cyberattack response.
1.Freeze everything
Do not shut down the affected devices or make changes to them immediately, instead take them offline. The idea is to stop the attackers from going on with their activity and also to avoid tampering with evidence that might be beneficial during forensics investigations (in case you intend on taking that route)
2. Change passwords or lock credentials
This is a common tactic in preparing to investigate a data breach since it will help ensure the cessation of the said breach if it is ongoing, and data breaches commonly rely on compromised passwords and credentials. Make sure to apply this step to all involved accounts, whether confirmed or suspected.
3. Ensure auditing and logging are still ongoing
Ensuring that existing system auditing remains intact and has been operational will be one of the most useful steps you can take to determine the scope of the breach and devise remediation methods. If auditing has been disabled (to cover someone’s trail for instance), restore it before proceeding; it will also assist in establishing whether breach activity is ongoing and when the breach can be safely determined to have concluded.
4. Determine the impact
Determine the root cause, did someone forgetfully give out their password? Was a system not patched for a particular vulnerability? Did someone plug an unauthorised laptop into the company network which then subjected the organisation to malware? Or did an employee simply click on a malicious link on some website?
5. Determine how it happened
Determine the root cause, did someone forgetfully give out their password? Was a system not patched for a particular vulnerability? Did someone plug an unauthorised laptop into the company network which then subjected the organisation to malware? Or did an employee simply click on a malicious link on some website?
6. Determine what needs to be done
Come up with a remedy to prevent future occurrences of similar nature. Establish whether, to update software, change network firewall rules, run anti-malware scans etc.
7. Communicate the details to the appropriate internal personnel
Let them know the breach occurred, how it occurred, what details were involved, and what has to be done. You may need to talk to legal, PR, the HR department, customer service or any other stack holder group which needs to be involved in the post-breach cleanup.
8. Make public announcements and prepare for responses
This is never easy but quite likely it will be up to someone to make a public announcement, perhaps in the form of a press conference, series of emails, social media announcements, website announcements or any other form of communication which exists between the company and the parties concerned. Make sure to describe what the organisation has done to remedy the breach, what it intends to do in the future, and what (if any) steps customers should take to protect themselves, such as by changing passwords, contacting credit card companies or placing fraud alerts. If possible, establish a hotline or name a specific group/contact information to address customer concerns regarding this breach so they can answer questions and provide guidance
