Its no surprise that both security and cultural impacts stemming from the COVID-19 pandemic have shaken up business operations and information security programs across the globe. As organizations continue to evaluate return to office scenarios, there are a variety of key employee and employer considerations. Rather than only focusing on the point-in-time circumstances of “secure work from home” operations, many organizations are considering more proactive “secure work anywhere” policies.
In this blog, we discuss the evolving “secure work anywhere” landscape and review five proactive strategies to consider your employees’ and business’ information security health and safety.
Register for the webinar on August 25, 2020 at 11:00 am EST | 16:00 BST: “Secure Work Anywhere, Adapting to the New Normal from Corporate Policies to Security Practices.”
Cultural Expectations and Drivers for Change Impacting Information Security Programs
Flexible and remote work policies have been considered a competitive advantage for years as technology enables businesses to operate across outsourced supply chains and tap into the “gig” economy of freelancers. However, the recent uptick in “secure work anywhere” has drastically impacted organization’s information security programs.
Now more than ever it is important for business leaders and individual employees to understand the implications that “security work anywhere” has on the business and its information security program.
Leading research firm, Gallup recently reported updated survey results in their article How Coronavirus Will Change the ‘Next Normal’ Workplace (Harter, 2020).
- Employee Expectations: “More than half of at-home workers say they would prefer to continue working remotely as much as possible once restrictions on businesses and school closures are lifted.”
- Management Accommodations: For managers currently overseeing remote workers, “52% say they will allow their employees to work remotely more often as a result of this experience.”
Ultimately, many organizations are increasing their emphasis on information security practices to support today’s new “secure work anywhere” normal.
Transitioning Your Information Security Program to the “New Normal”
What are some of the critical areas of concern and key questions that organizations should ask themselves to prepare for unknown “secure work anywhere” circumstances and evolving employee expectations?
- Device Security: What are your hardware configurations and how are personal devices being used? Can you validate that the appropriate permissions and safeguards in place?
- IT Governance: Can current infrastructure changes support long term operations? Have you considered implications for at-home printing?
- Data Location: Has company data been placed in unapproved environments? What about information that has been printed and discarded within someone’s home?
- Communication Tools: How many video conferencing tools is your organization using? Have you increased resources to monitor vulnerabilities across additional channels?
- Security Awareness Training: Have you revised your policies in line with circumstances? Has everyone completed up-to-date phishing training?
Ultimately, all relevant stakeholders should be involved when rolling out a new GRC and information security initiative. For example, security, HR, and core second-line of defense professionals should not only consider the cultural goals of the business, but also plan for the necessary infrastructure to support operations with a proactive information security program and remote working guidance.
Our team of privacy and security experts will be discussing this and more during our upcoming webinar on August 25, 2020 at 11:00 am EST | 16:00 BST: “Secure Work Anywhere, Adapting to the New Normal from Corporate Policies to Security Practices“. In this webinar, we’ll highlight:
- What disciplines and business structure have already been operating “secure work anywhere”
- How can the extent of your internal governance policies help or inhibit your employees ability to execute their job effectively
- Considerations to balance security-based monitoring and employee privacy rights within personal environments
- Technology and innovative strategies to put your “secure-work-anywhere” plans in motion.