Internet and Technology

Microsoft is one of the wealthiest and most successful companies in the world. Even more important, from a human resource perspective, is the fact that Microsoft is an employee-driven organization. While other organizations base their success on better manufacturing techniques, or better technology, Microsoft’s success is based on the effectiveness of their employees. Essentially, Microsoft value their staff and realize the importance of their staff. This focus on employees may, in the future, expand to all organizations. Microsoft then, is worth studying as an example of best practice in human resource management.

This study will focus on Microsoft’s employee management methods including how they recruit and how they retain their staff. By looking at how Microsoft operate, there is opportunity for other organizations to consider how they manage their employees and to consider whether their staff are also valued.

Firstly, the study will present information on the human resource practices at Microsoft. Secondly, the study will analyse these practices with a view to showing why they are effective.

HUMAN RESOURCE MANAGEMENT AT MICROSOFT

Recruitment and Selection – In the Beginning

Bill Gates is the driving force for Microsoft and from the beginning of the company he believed in recruiting extremely intelligent staff, favoring intelligence over experience, “his preference for hiring extremely intelligent, not necessarily experienced, new college graduates dated from Microsoft’s start-up days, when he and cofounder Paul Allen recruited the brightest people they knew from school – their ‘smart friends’” (Bartlett 1).

From the beginning Gates realized that his employees were his greatest assets, shown by his quotes including “it’s the effectiveness of our developers that determines our success” and “take our 20 best people away, and I will tell you that Microsoft will become an unimportant company” (Bartlett 2).

Microsoft’s recruitment strategies reflect their philosophy. They sought the smartest and the most driven people and did so aggressively, as Steve Ballmer says “whenever you meet a kick-ass guy, get him” (Bartlett 2).

The recruitment strategies in the beginning included sourcing people from the elite educational facilities such as Harvard, Yale, MIT, Carnegie-Melon and Stanford. Microsoft recruiters would visit these universities “in search of the most brilliant, driven students” (Bartlett 2). Experience was not required and it was in fact, preferred that new employees had no experience.

Once selected, these students had to undergo a thorough selection process. The first stage was an interview “by at least 3, and sometimes up to 10, Microsoft employees” (Bartlett 2).

These interviews were designed not to test knowledge, but to test “thought processes, problem-solving abilities, and work habits” (Bartlett 2). Technical interviews are described as being focused mainly on problem-solving, with interviewers posing problem scenarios. To test the composure of the candidate and also their creative problem-solving skills, unexpected questions were also included. Two examples of these questions given are “how many times does the person use the word ‘the’ in a day” and “describe the perfect TV remote control” (Bartlett 2).

After the interview, interviewers would e-mail their decision on the interviewee with the words ‘Hire’ or ‘No Hire’ and comments on the problem area, the future interviewers would then use these comments to further investigate whatever issues there were with the interviewee (Bartlett 3). This interviewing process was essentially a ‘make or break’ one, where interviewees were pushed to their limits, if they thrived and survived this meant they would also thrive and survive in the Microsoft working environment.

After this series of interviews, if the majority of interviewers were favorable the interviewee would finally meet with their manager and this manager would make a final hire/no hire decision. The very last step is an interview by someone outside the hiring group, this person is independent and so unbiased in their opinion. This person is meant as a final check that the person is a good Microsoft person and also to prevent managers from hiring the wrong people because they have a need to fill a certain position (Bartlett 3).

The importance of hiring the right people is also shown in Microsoft’s ‘n minus 1’ strategy which means less people are employed than are required. This policy reinforces that hiring the right people is more important than hiring just to fill a position.

Recruitment and Selection – Later Stages

Microsoft retained the same basic principles as they expanded but had to change their methods when the number of new employees required could no longer be sourced only from universities.

The recruiting practices continued to be active rather than passive, with Microsoft ‘head hunting’ the best staff. These staff were found, monitored and recruited from other companies by over 300 recruiting experts, “once someone had been identified as ‘hard core’ – Microsoft’s euphemism for the kind of highly talented and driven people they sought – the pursuit was relentless, if subtle. Regular telephone calls at discreet intervals, conversations at industry conventions, invitations to formal dinners – recruiting team members employed every means possible to keep the lines of communication open” (Bartlett 9).

Microsoft also took advantage of breaking opportunities such as company layoffs, one example is with the AOL down size, “when we heard AOL was downsizing Netscape’s operations in the valley, we assembled a team to identify the best talent and go knocking on doors” (Bartlett 10).

Employee Satisfaction and Loyalty

Microsoft attempted to cater to the needs of its employees from the beginning. Recognizing that the majority of employees were just out of college, the Microsoft company operated like a campus. The former director of human resources describes this saying, “how do you make young kids who had never been away from home – or only as far as college – comfortable? We wanted to keep the atmosphere at work one they were somewhat familiar with, and also make sure it gave them a sense of social belonging” (Bartlett 4). This environment also included every employee having their own office they were free to decorate as they please and the provision of subsidized food and drink (Bartlett 4).

Employee satisfaction was also afforded by the opportunity for growth, “development also occurred by encouraging horizontal transfers, and employees were encouraged to develop themselves by switching jobs” (Bartlett 6).

It is noted that few employees leave the organization by dismissal, with the majority leaving voluntarily (Bartlett 10). Concern over high attrition rates in the 1990s led to surveys to find the cause of the problem and for changes to be implemented. One of the major changes was the requirement for top management to coach lower levels, assisting in their development by doing so. This became known as ‘turning over the keys’ (Bartlett 11). This is important because it allows people an opportunity to develop further. Also critical to the changes was a new focus on empowering people and of defining clear goals. These changes were all designed to increase employee satisfaction and commitment to the organization, while maintaining the same spirit the small company began with.

Employee Rewards

In the early days Gates was a firm believer that employee ownership was critical in raising motivation and employee retention, in lieu of high salaries he offered employees equity (Bartlett 7). Once listed on the stock exchange, this continued, with the company offering stock options to employees based on performance.

Critical to this is the link between individual performance and reward, with semi-annual performance reviews linked to pay increases, bonus awards and stock options (Bartlett 7). Performance goals employees were measured against were specific measurable ones, these performance objectives shortened to SMART: Specific, Measurable, Attainable, Results-based, and Time-bound (Bartlett 2). This formal review system also included more common evaluations by managers to ensure no unexpected deviations. The system also included the process of employees evaluating themselves, these self-evaluations then being sent to the manager who does their own evaluation. The employee and manager then meet to discuss the review (Bartlett 8).

Stock options awards are based on whether the employee is considered a long-term asset of the company and awarded on this basis. This is an important symbol of Microsoft’s commitment to retaining good employees.

ANALYSIS OF HUMAN RESOURCE MANAGEMENT AT MICROSOFT

Recruitment and Selection

It is reported that companies must be aware of where they are going in the future and how the current configuration of human resources relates to this (Noe et al., Ch.5).

As we have seen, Microsoft employ different recruitment practices than many organizations based on their need for the very best people. Microsoft actively recruit suitable employs and focus on the right type of person rather than the right type of skill level. In ‘Human Resource Management: An Experiential Approach’ (Bernadin & Russell) human resources are described as an important source of competitive advantage. Microsoft use human resources for competitive advantage, basing their success on having the very best people in the industry and inspiring them to be the best. It is this that leads to Microsoft’s unique recruitment practices. Based on the importance placed on having the best people in the industry, their aggressive ‘head hunting’ techniques are justified.

What is most crucial here is that Microsoft’s recruitment practices meet their human resource needs. It is an important sign of the focused approach of Microsoft, with their actions always leading towards their ultimate goals.

Some important factors to be considered in recruiting staff include that the recruiter should be from the same functional area and that candidates should not be deceived about the negative elements of a job (Noe et al., Ch.5). The interview process at Microsoft reflects this with the new employee being interviewed by the manager. The recruitment process also goes further than just informing the employee about the negative aspects, instead the recruitment process actually tests the employee on the negative aspects, putting them under the same type of pressure they would be put under on the job. This is an effective method, as it can be ascertained, that if the employee is successful in the selection process, they will be successful within the organization.

Employee Motivation

McNamara says that “the key to supporting the motivation of your employee is understanding what motivates each of them.” The important thing about Microsoft is that they employ people who specifically will be motivated by the environment they provide. They do not employ skilled people and expect them to be motivated, they employ intelligent and driven individuals and give them the environment and the opportunity to develop beyond their current level. The fit between employee and organization is important to motivation and this is what Microsoft ensures.

A recent study reported in the Journal of Applied Psychology reports that employees working on projects are more efficient when their goals relate to the overall team goals rather than individual goals (Kristof-Brown). Microsoft ensures that the goals of the organization are understood via its strong culture and by employees being clearly aware of what is required of them.

Motivation can be described as providing a work environment in which individual needs become satisfied through efforts that also serve organizational objectives (Schermerhorn 395). Microsoft achieves this by incorporating their goals into their human resource management programs. The people recruited and the systems within the organization all serve to motivate the type of people that Microsoft values.

Employee motivation can also be related to Maslow’s hierarchy of needs theory. This theory has the top level of the needs theory as self-actualization needs, which is a persons need to be self-fulfilled. It is described that the way to achieve this is to “provide people with opportunities to grow, be creative, and acquire training for challenging assignments and advancement” (Daft 530). This is exactly what Microsoft provides for its staff and also exactly what it expects, for them to be the very best they can be. One employee of Microsoft describes this saying “the only way to achieve here is to push the envelope of what you can do. Every day try to do better. Work smarter. Work harder. Innovate more. People are focused 100% on performing their job as successfully as possible (Bartlett 5). The link can also be seen here between the type of people that are employed and what is expected. Microsoft hires the very best people, for these people to achieve self-actualization they need to be pushed harder than most and given greater opportunity to achieve than most.

Employee Loyalty and Satisfaction

We have seen that empowering employees is one of the new approaches being utilized by Microsoft. It is noted that empowering employees requires a culture that reflects this (Billsberry 292). In the Microsoft case we see that a change of culture is actually the reasoning behind the introduction of empowerment, suggesting that the change is considered and will be successful.

Employee loyalty and satisfaction is also assisted by Microsoft’s consideration of its employees. We saw that in the early days, the company largely consisted of young graduates and the company built a culture around the needs of this group of young graduates. This process has continued, with Microsoft always attempting to cater for the needs of its employees.

The latest attempt is by providing greater opportunity for younger employees, by having older employees coach them.

Three aspects of tasks that affect job satisfaction are job complexity, degree of physical strain and perceived value of the task (Noe et al., Ch.10). Microsoft manages this by providing the high complexity high achievers require and by ensuring the perceived value of the task is high. This high value is communicated via the high-achieving culture the company maintains.

This issue can also be looked at in terms of an employee’s role. There are three factors associated with roles: role ambiguity, role conflict and role overload (Noe et al., Ch.10). Role ambiguity is kept low by Microsoft because of the consistency in the culture and in what is required, role conflict is also kept low. Role overload is kept high, with employees pushed to their limits. In most organizations this would be a concern, but Microsoft’s awareness of this means that they specifically seek employees who will react well with role overload.

Employee Rewards

In ‘Ideas That Will Shape the Future of Management Practice’ (Bohl, Luthans, Hodgetts & Slocum) human resources is described as being the way of the future with it being argued that we will see a more mature articulation of the importance of people as a firm’s only sustainable competitive advantage. The change is described as giving high reward for high performance with the focus on a partnership.

As we have seen, Gates recognized the importance of his people from the beginning and this is reflected in the reward systems, that not only rewards for current achievement but rewards stocks to those that are seen as valuable future assets of the company. This can be seen as a prime example of the focus on a partnership, those that are seen as being valuable to the company, are rewarded with shares that will increase in value even as that person assists in moving the company forward.

Important to the reward system is also the fact that there are two reward paths available, one for those following the technical path and one for those following the management path. The skills of employees can be divided into three areas: conceptual skills, human skills and technical skills. Typically, conceptual skills become more required and technical skills less required as one moves up the corporate ladder (Daft 15). Microsoft is a company valuing technical skills, due to the nature of its product. In most organizations, employees with conceptual skills would be rewarded by moving up the corporate ladder, while those with technical skills would not advance. Microsoft, however, offers two advancement path, allowing those with technical skills to advance as technical experts, just as those with conceptual skills advance as managers.

Reward systems are an important part of organizational culture, they communicate to employees what is valued by the organization (Robbins, Bergman & Stagg 84). By having these two reward systems, Microsoft effectively communicates that both sets of skills are valued. This is also an important sign of Microsoft’s consistency. They recruit people for technical ability and so not rewarding for it would be dissatisfying to employees.

The rise of the Internet has resulted in many important issues being raised. One of these major issues relates to privacy and security concerns.

These issues become important ones for organizations to consider for several reasons. Firstly, because private employee information is recorded on computers, secondly because organizations have their own important information recorded on computers, and thirdly because many organizations conduct business over the Internet via an informational home page or by Internet retailing.

The question of security will become an important one for organizations and will likely become the responsibility of the human resource department in many organizations, with the questions of security and privacy an extension of information systems generally handled by the human resource department (Bernardin & Russell).

In this paper, the privacy and security issues that arise from the Internet will be investigated. Recognizing that the Internet is relatively new and rapidly changing, the investigation will be completed with an eye for looking forward to the future.

Firstly, I will discuss the modern history of the Internet and how it relates to privacy and security concerns. I will then discuss several key security and privacy issues relevant to organizations. I will then briefly discuss the protection options available to deal with these issues.

THE INTERNET AND PRIVACY & SECURITY

Privacy is not a new concept, but one that has been of importance to people for centuries.

The advent of the Internet however, is taking privacy issues to a new level. Privacy is described as “the ability of individuals to determine for themselves when, how and to what extent information about them is communicated to others” (IBM).

Security also becomes of wider concern. With the importance of the Internet and information technology to society, it becomes a tool that can be used against national security, against individuals or against organizations.

As well as this, the mass of information available on the Internet can be misused.

The Internet has become a profound part of our society, impacting on every aspect of it. With this wide impact, security issues reach out across various topics and take on various forms.

Also relevant is the fact that the Internet remains in its infancy, with the Internet revolution described as “one that experts estimate is less than 10 percent complete” (IBM).

As the Internet grows and changes, new security and privacy issues will appear. As the environment changes, the privacy and security issues will be reconsidered.

There is no doubt that the issues the Internet creates are likely to change, as the Internet and society continue to adapt to each other. Even recognizing this, by assessing the issues now we can begin to see their current impact and also their future direction.

SECURITY AND PRIVACY ISSUES

Hackers

Everyone is under threat from hackers, from the organization, to government information, and through to individuals. The reason for hacking varies as widely as those that become victims of hacking,

“crackers are not necessarily after secret files or valuable corporate data, many just want a machine – fast. Most victimized machines are merely launch pads for other attacks” (Tanase). Essentially, hackers hide themselves by operating through a chain of machines.

Reasons for hacking are extremely varied and can include accessing information, changing information records and launching viruses.

For the organization, information may be extracted to be used against the organization. This information could then be used in various way. Disgruntled employees may seek information to use against the organization.

The threat of misuse also depends on the nature of the organization. A university for example has a threat of students changing their results records, while an organization involved in controversial issues, such as a gun manufacturer may be threatened by anti-gun protesters. Hackers may also operate by damaging company web sites.

The reasons and form of Internet hacking crimes are just as varied as typical crimes.

As the Internet becomes more widespread, Internet crimes may come to mirror all crimes. For example, just as a disgruntled employee may vandalize their place of employment, a disgruntled employee may vandalize the organization’s web site.

Current Effect on Business

Hacker attacks are the largest threats for governments and businesses, with ninety percent of business and governments suffering hacker attacks each year (Krebs).

Of those businesses, only one third were willing to report the attacks to the FBI (Krebs).

Eighty percent reported financial losses as a result but the majority were not willing to quantify these financial losses (Krebs).

The majority of organizations and government departments do suffer from security breaches. Also noted is that this is not all from hackers, a major component is also from company staff. The fact that the majority are not willing to report or verify the problems, is an indication that this is a problem that is thought to be significant as well as damaging.

Organizations generally avoid reporting such problems to avoid alarming shareholders, while government departments avoid public concern. With shareholders and the public warranted in their right to know of these breaches, there is a future likely, where such breaches will be required to be reported.

The reality is that these threats cannot be ignored. A study by the National Institute of Standards and Technology recognized that “information and the systems that process it are among the most valuable assets of any organization. Adequate security of these assets is a fundamental management responsibility” (NIST).

The report by the National Institute of Standards and Technology provides a framework for determining a security system program. The needs of the programs are twofold:

“Agency programs must: 1) assure that systems and applications operate effectively and provide appropriate confidentiality, integrity, and availability; and 2) protect information commensurate with the level of risk and magnitude of harm resulting from loss, misuse, unauthorized access, or modification” (NIST).

This considered system and approach to determining may mirror how organizations will approach security considerations in the future.

It is also noted that “many organizations and consumers are only just beginning to realize the value of applied information technology and the increased efficiency and effectiveness of innovations in data collection and management” (IBM).

With increased realization will come increased use of information by organizations, and with this increased use will come a greater need for privacy and security considerations.

Information on the Internet

The Internet is also capable of infringing on a person’s privacy as a publisher of information.

We can see the Internet as a tool for communicating information, just as television, newspapers and other media are.

The difference with the Internet is that the information published is not as well controlled.

With television and newspapers, controls are in place to determine what will be communicated. It is generally not possible for a person to publish information without it being verified in some way.

However, with the Internet, a person can publish and communicate messages to people from all over the world with no requirement to have checks on the information.

Essentially, the Internet allows anyone to say anything, and to say that anything to a lot of people.

This leads to the Internet being capable of being used as a tool to defame others.

A recent court case shows that this does happen, where the case is described as follows:

“A state-court jury awarded $3-million Tuesday to a University of North Dakota physics professor who sued a former student for libel after she accused him in an online article of being a pedophile. The professor, John L. Wagner, 41, filed his lawsuit after an article titled “Kinky, Torrid Romance by Randy Physics Professor” was published on the Web site Undnews.com” (Bartlett).

This example shows how information on any subject can be widely published on the Internet. The guilty verdict indicates that the law does consider this to be a case of defamation.

The ease of publication on the Internet and the difficulty in controlling it is also evidenced by the fact that the article is now posted on another web site (Bartlett).

This situation is one that may find controls placed on it in the future, controls that act as a safeguard for what can and cannot be published on the Internet as fact.

The guilty verdict in this case also leads the way for other defamation claims to be made and defamation laws to be determined for the Internet.

While this is a case against a person, it is also possible that this same type of defamation could be carried out in regards to an organization, its products or its services. It is feasible that a disgruntled customer could publish damaging reports about the company.

More Possibilities

The possibilities of using the Internet for illegal advantages include scams as new and ingenious as the Internet itself.

One opportunity that is not currently illegal, though is concerning, is using one piece of software as a means for distributing another.

One example that is causing universities concern is KaZaA, software that is used to store and swap video clips and MP3 files. This software is specifically targeted at students and is downloaded by large numbers of students. It has been reported that this software has “software attached to it that could allow the company to use student computers and university bandwidth for commercial ventures, such as serving Internet advertisements or selling computer storage space” (Carlson).

While this is not an illegal process, it is a misleading one for the user. It also shows how technology can be used for purposes other than that which we purchase them for. This is important because this is one way information can be hidden within programs and there is potential for this to be used illegally in the future. It is also said that universities are specifically targeted because they have a considerable amount of unused hard drive space (Carlson). This could apply equally to many organizations, so organizations may also become a target of these programs in the future.

SECURITY AND PRIVACY PROTECTION

Security Programs

Security programs currently consist of two main types. The first are virus programs that prevent damaging computer viruses from being received. One of the most interesting things about these programs is that they require constant updating.

These constant updates illustrate how quickly virus concerns change. Essentially, one group of people are constantly creating new viruses, while a second group remain alert to these viruses and create antidotes for the viruses.

The second type of security program is firewall software. Firewall software prevents hackers from accessing a computer. Just like viruses, these programs are under constant upgrading to keep up with hacker technology changes.

Security and Privacy Consultants

Security and privacy concerns have also created a new industry of consultants, who offer advice, personnel and systems to governments, organizations and also individuals.

An example of one of these firms is Rent-A-Hacker, whose company profile reads as follows:

“Rent-A-Hacker was formed to afford anyone the means to protect their valuable information assets. Unlike most Cybersecurity firms whose goal is to sell you security products, our focus is on auditing, detection and proactive prevention” (Rent-A-Hacker).

To achieve these goals, the organizations makes use of experts in Internet security and in hacking. This organization is an example of where the future of Internet security may lead.

With experts developing new ways to breach Internet security, software programs may no longer be enough. A defence system of equally effective experts may be the only way to combat hackers and other breachers of both security and privacy.

Government Actions

The Government plays an important role in effecting privacy and security concerns and does this on two levels. The first is in their role in setting the rules for the private sector. The second is in establishing guidelines for the government’s own use of information (IBM).

With the broad implications of the Internet it is also recognized that government control becomes essential, “the growing interconnectedness of society underscores the need for government officials to understand the broad implications of the Internet and the information technology revolution (IBM).

The government meets this challenge by producing a set of internationally-accepted principles, with these principles developed by the Organization for Economic Cooperation and Development and are known as the OECD guidelines (IBM).

These guidelines include ‘fair information practices’ for organizations that outline appropriate security of data and disclosure of data practices (IBM).

IBM describes the US security and privacy measures, saying:

“The US has legislatively-required protections in focus areas: government, credit reporting, banking and finance, health, and children’s information. In other commercial areas, such as retail and online marketing, the US relies on its common-law traditions coupled with industry responsibility and leadership to chart the way” (IBM).

Legal Protection

The legal component of the Internet is handled largely by the Computer Crime and Intellectual Property Section of the Department of Justice. The actions of the section are described, saying:

“Section attorneys advise federal prosecutors and law enforcement agents; comment upon and propose legislation; coordinate international efforts to combat computer crime; litigate cases; and train all law enforcement groups. Other areas of expertise possessed by CCIPS attorneys include encryption, electronic privacy laws, search and seizure of computers, e-commerce, hacker investigations, and intellectual property crimes” (CCIPS).

Legal protection in the US is wide and varied, covering a variety of issues that the Internet relates to.

This includes the considerations of e-commerce, covering topics including Internet gambling, online sales of healthcare products and consumer protection (CCIPS).

Laws are also existent relating to computer crimes. These crimes include cyberstalking, Internet fraud, child pornography and identity theft (CCIPS).

Insurance Protection

Another industry that reflects the rising importance of Internet security is the insurance industry.

Policies purchased for 2001 were just under $100 million in 2001, with it expected to rise to at least $1 billion by the year 2007 (Salkever).

The policies available for organizations include protection from “virus attacks, denial-of-service assaults, cracking into company systems, and Web-site defacements. Some companies even write policies that cover cyber-extortion, where an online intruder or an insider steals crucial data such as customer credit-card files and demands a payoff. The rising tide of lawsuits against companies whose employees have used corporate e-mail inappropriately has also caught the attention of e-insurers” (Salkever).

It is also noted that with the insurance industry becoming a major part of Internet security, they will have the opportunity to shape the computer security business.

This will occur by insurance companies defining what types of security products and practices are acceptable. Following this, premiums will differ based on what software protection systems are used, effectively rating product systems and influencing the business consumers choice.

This is also expected to effect business, with e-insurance becoming a requirement, “as cyber-insurance goes from exotica to a business necessity, the computer-security industry will have to adapt to keep the insurers happy” (Salkever).

There is certainly potential for insurance companies to influence both the coverage required by organizations and the products and actions required to attain this coverage, “that’s the wave of the future, as insurers exert even more pressure on the technology practices of any company wishing to insure this increasingly important facet of business” (Salkever).

Also recognized is the possible relationship between insurance companies and security products with it being argued “that insurers will demand responsibility from software companies for flaws in their products — and that they’ll have the legal firepower to hold the software outfits accountable” (Salkever).