The future of work requires a more human approach to security
Most businesses that have adopted off-site or hybrid working models over the last two years made the change under immense pressure. The need was incredibly urgent and timing was a major factor. Now that they’ve had a chance to adapt and settle in, leaders are revisiting how their teams work in a more proactive way. They’re updating strategies and policies with a focus on what will be best for both the company and the employees long term.
This is especially true when it comes to data integrity and security.
Hybrid/flexible work will be a “standard practice” within three years, say more than 75 percent of respondents to a survey conducted by Economist Impact and commissioned by Google Workspace. And while the security challenges related to flexible work certainly aren’t new, the last 18 months have highlighted many vulnerabilities at scale.
We’re in a new era of data security where business leaders must abandon traditional ideas of what a workplace looks like. Work is no longer a physical space, but rather a series of interconnected policies on how to get things done. Where the work happens, whether that’s at home, in a traditional office, or any number of locations between them, simply isn’t as important as it used to be.
With this thinking, security requires a new approach. It’s no longer just about protecting information or restricting how that information is accessed—it’s about building safe, efficient, and effective ways to facilitate seamless collaboration and information-sharing.
Take employee-owned laptops, for example. If business leaders didn’t provide workers with all of the hardware and devices needed to thrive when work shifted off-site, many would be using their own personal devices to complete job-related tasks. Their personal devices may not be equipped with the same security protections as in-office devices. Sensitive data loss, leakage, and theft is far more likely when using personal devices than it was when everyone was in a controlled office environment.
The same is true for the opposite scenario, in which employees are using company laptops on personal Wi-Fi. Leaking sensitive company data is among the top security challenges, say 20 percent of business leaders surveyed in 2021 by Entrust. In the same survey, 21 percent of business leaders say they are worried about security risks from unmanaged home networks.
So what’s a security-minded business leader to do?
On-premises business systems have relied on hyper-controlled environments, most often through in-office network security or Virtual Private Networks (VPN). Cloud-based platforms, on the other hand, promote data sharing and collaboration regardless of physical location. While there are many upsides to moving information to a cloud-based program, anywhere, anytime access is crucial. And these days, almost all business-critical programs and apps can be accessed through browsers such as Chrome, which means employees don’t need additional device drivers in order to access the information they need to be successful.
Zero-trust models shift the focus to the individual user without a need for VPN technology, so access controls are enforced no matter where the user is or what device they’re using. Any user or device attempting to access a network or its resources requires authorization, which creates higher security limits on file-sharing, application downloads, and data usage. It also extends to employees using their personal devices, which can alleviate some of the worry that well-meaning employees could cause an unintentional breach.
Secure by design
The last thing an employer wants to do is create barriers to collaboration, and requiring an excessive number of checks and balances to access sensitive information can do just that. When tools are secure by design, however, employees can work together seamlessly. Rather than avoiding risk completely, businesses can monitor and maintain security risk governance to open up the lines of communication and foster a more collaborative and innovative culture.
When implemented well, this holistic approach prioritizes security while making systems virtually invisible to employees. Aside from the occasional nudge to the end user that their activity may be unsafe, everything happens behind the scenes.
Building a culture of security
Beyond secure infrastructure, creating a company culture that prioritizes security can help minimize risk among a dispersed workforce. But remember, security and privacy policies are only as strong as their latest update. A 2020 report stated that nearly 25 percent of organizations hadn’t updated their security protocols in over a year. When updating policies and protocols, business leaders have the opportunity to meet employees where they are. This not only builds a culture of trust, but one of holistic security.
One way leaders can embed security culture into their organization is to collaborate with IT leaders on best practices and share them in actionable bites. Developing security training for employees and holding dedicated “office hours” to answer questions as they arise are two additional approaches to security culture.
Perspective is important and organizations have the opportunity to view employees as both partners and a line of defense, rather than seeing them as potential liabilities. It’s true that the way people work—and the way they access sensitive information—won’t always be perfectly secure, but letting workers know that they’re inherently trusted improves productivity and employee experience. When organizations block access to things like news, music, and email for employees, it can create tension. The best approach is to create checks and balances that allow for efficient response if and when problems do arise, instead of monitoring every click and download.
The shift to hybrid work compels business leaders to reflect on their practices and adopt new security solutions. And because these work models aren’t going anywhere, it’s important to address potential risks in a holistic manner. With an employee-centered approach, organizations can navigate today’s complex threat landscape with more confidence and better results.
Learn more about how to protect your organization.