Over the past two years, change has been rapid and widespread in the business world. The pandemic forced a frenzied shift to remote work, and the rushed adoption of new tools, workflows, and communication methods. Now, rather than cram back into the office all at once, many companies are testing the waters of hybrid work – either as a stepping stone or an indefinite transformation.
Hybrid work is all about flexibility, but that brings its own form of chaos for those overseeing the operation. With some people in the office and some at home, it’s no small task to protect company data. IT teams are being forced to rethink security, again. And while it may sound overwhelming, the best approach doesn’t need to be. By making security a part of your work culture, you can turn every team member into an extension of IT, regardless of where and how they choose to work.
When nothing is certain, security needs to be
Outside the office, employees are working in various locations, on home and public Wi-Fi networks, and with a wide range of devices and apps. That means a lot of new security risks to consider. But many businesses actually loosened security protocols during the pandemic, and nearly 80 percent of IT leaders feel their organization is unprepared for a cyberattack. It’s a recipe for trouble, to put it lightly.
With many people returning to the office, even if only part-time, the excitement of face-to-face meetings and some return to routine is very real. But you can’t forget about security. If you’re embracing a hybrid model, you need a new plan that’s flexible enough to work for everyone – wherever they’re working from – and not require constant changes.
At the root of the problem are outdated ways of thinking around “effective security.” Corporate VPNs, identity and access management tools, and antivirus software all serve a purpose, but they’re not perfect, and don’t cover every blind spot. True holistic security involves a teamwide effort; you need to give your employees the tools that will empower them to change their mindset, and how they view their role in protecting the organization. That’s where a culture of security comes into play.
Why a culture of security is the answer
The largest cause of data breaches is the “human element,” such as weak passwords and clicking on unsafe links in emails. Cyber criminals often gain entry to critical data through individual accounts, by taking advantage of honest mistakes like reused passwords and data shared on unsecured channels. And all too many employees don’t know this is a problem, because their employers don’t tell them or set a better example.
Even with a robust security stack in place, it’s impossible to monitor and control all employee behavior. It would also be pretty unethical if you could. A culture of security puts power in your employees’ hands to make safer choices, with a better understanding of the part they play and how they can best contribute. A “security-first mindset” in their day-to-day work will naturally protect the company and your customers more than any individual tool could. Nurturing this kind of thinking will also remove the need and temptation to perform surveillance on your employees.
Steps you can take
If you’re adopting a hybrid work model, start thinking about your security strategy – and how to foster a supportive company culture – right away. The best way to get started is by following these steps:
First, you’ll need buy-in from the leadership team to get the resources you’ll need. Explain the problem and solution, and how this culture of security will create long-lasting positive changes while other plans continue to evolve in your hybrid work environment. Leadership can be crucial ambassadors to the program and help remove roadblocks for team leaders.
Once you have buy-in, assemble a team to get things moving, including team managers, IT decision makers, and HR. Together with IT, research the correct tools that will make it simple for your team to practice safe habits as they bounce between work, home, and remote locations. A password manager like 1Password can make the easy way of doing things also the most secure way. And when employees use “shadow IT” – apps and sites that haven’t been approved by IT – it will ensure they do so safely with strong, unique passwords.
Then, document the policies your hybrid team should follow and make sure they’re both accessible and easy to understand. Just as important as your security messaging is ensuring it is communicated and absorbed by your employees, whether that’s 10 or 10,000. Even the most airtight policies will be meaningless unless everybody follows them – both in the office or remote. Plan a kick-off event to draw maximum attention to your improved security guidelines, as well as a training program for your new tools.
Your culture of security is also a very personal endeavor and it should feel that way to your employees. The goal is a shared sense of pride in keeping the company and its customers safe. Along with covering the basics, your project team should inject personality and heart into this culture so it feels like a natural extension of your company, and not a pre-packaged manual you’re prescribing. It should also be tailored to your industry and how you do business.
Moving faster and safer, together
As you roll out your password manager and updated security protocols, let employees know they have a direct line of communication with IT, free from judgement. This can mean an open-door policy in the office, a dedicated Slack channel, a weekly group chat with the security team, or a combination of all three. Find what works for you, so long as your hybrid team feels both informed and empowered in this new setup.
Encourage your team to not only ask questions about security when they pop up, but also mention suspicious activity or potential security slip-ups they may have made. By rewarding this proactive, vigilant behavior, it can boost morale and maximize buy-in to your culture of security. Give your employees a voice wherever they’re working from in your new arrangement.
Finally, support the IT department as much as possible. If they feel seen and understood, they’ll be more likely to perform at the highest level and keep your business secure. Investment in IT – from staffing and training, to the technology they use every day – is a cornerstone of a security-first culture. Now more than ever, the role of IT cannot be understated.
Change will continue. More companies will reopen their offices, while others will close them, perhaps for good. Along the way, be patient and find your company and team’s comfort zone with hybrid work. And with the right culture of security, your team will be equipped to navigate these changes without jeopardizing your business – and customers – by leaving the door open to cybercriminals.