Securing Remote Work Tools Without Impacting Business Productivity

As companies plan to implement permanent remote work programs to suit business needs, IT and security departments face new challenges to enable a productive and secure remote working environment. Jadee Hanson, CIO and CISO & Lisa Woodson, Chief People Officer of Code42, explore how these departments can work together to create a collaborative culture.

The past year was a year of adaptation for all of us, especially for HR professionals whose roles have traditionally relied on in-person interactions with employees, interviewing prospects, and working closely with the executive team on company culture. Now, everything from recruiting to culture building is conducted nearly 100% virtually across a vastly distributed workforce – and it shows no signs of reverting to pre-pandemic ways. 

Once the pandemic subsides, most organizations will support a hybrid work model moving forward. This new normal for work brings with it new challenges for protecting company data and intellectual property. 

The duty to maintain collaboration and productivity for the distributed workforce at many organizations falls on the HR department’s shoulders. Still, it requires the assistance of IT and Security departments to implement the right technology for the organization. It’s important that HR, IT, and Security align to support the culture and foster collaborative work and productivity. Security’s role in this effort is to provide technical expertise about the risk the technology solutions pose to organizations’ data. In many cases, this risk will not be easy to identify by HR or IT. To equip the workforce for collaboration in a secure manner, a joint partnership is needed.

Benefits – and Risks – of Collaboration Culture

Collaborative work culture has its advantages. It helps employees remain connected, influences creativity, and boosts productivity across the company. Therefore, building a culture around collaboration is a top priority for executive teams, with research from Code42Opens a new window identifying that workforce culture ranks first among CEO, CIO, and CHRO strategies and priorities. 

In turn, companies have made massive technology investments to make work more connected through tools like Slack or cloud-based software suites like Google Workspace. These investments paid off in spring 2020 when companies went remote overnight, but as many discovered, it didn’t stop employees from utilizing non-sanctioned tools to improve collaboration with their colleagues. 

Code42’s February 2020 Data Exposure ReportOpens a new window found that 37% of employees use non-sanctioned tools every day to share files with colleagues – an action that puts data at risk due to lack of visibility by security teams. The latest Code42 report released in December 2020 found that employees are 85% more likely to leak sensitive files now than before the pandemic began.

These are alarming statistics. When left unaddressed, insider risks due to careless data handling, such as sharing files through a personal drive or an un-sanctioned platform out of mere convenience, can turn into data exposure and leaks and lead to significant financial or brand damage. As an HR professional partnered up with security – as part of an insider risk program – you play a crucial role in keeping data secure and employees engaged and productive. 

Learn More: Collaboration is Key to Improving Efficiency in Your Organization

Technology

Always-on work environments and accelerated project deadlines have placed immense pressure on employees, forcing them to do almost anything to manage their workloads, including finding the easiest way to share data and collaborate with others.  Doing this across many devices, and now on home networks, creates the perfect storm for increased risk to company data. 

It’s easy to blame employees for sidestepping established company protocol and conducting careless behavior – but this couldn’t be further from the truth. The reality is, the majority of these activities are done with the best intentions in mind and are the product of the work environment established by employers. 

We must stop pointing fingers at employees who are just trying to get their work done and instead look internally at the systems and technologies that impede their productivity. It’s time to help them complete their tasks without increasing risk to the company. It’s time to wrap a layer of security around collaboration technologies. 

A fool’s errand today would be to think that you can stop all employees from using non-sanctioned collaboration tools, especially with the pandemic proving that some form of remote work is here to stay. As companies determine their post-pandemic work practices to align to business needs and employee preferences, one thing is clear – working beyond the traditional boundaries of an office is here to stay. Rather than blocking any browser upload or file-share that may occur, HR and security teams will find much greater success delivering and supporting technologies that enable their employees to work securely and without a prescribed perimeter. 

Learn More: 3 Cybersecurity Considerations to Secure Your Remote Business

Training

Because hybrid work models are here to stay, it’s up to leadership teams to adapt their policies and procedures to embrace collaboration long term. In addition to technology, collaborative work demands a robust training and awareness program. Every company should have an acceptable use policy at a foundational level that all employees acknowledge and sign. Companies should also train employees on protocols for using corporate-approved file-sharing tools properly and share those same protocols with their third-party partners and vendors. 

With workshopping files in real-time and sending documents across and outside the organization, security teams need to monitor that people use file sharing tech within guidelines. What if security sees that an employee handles data outside protocols? First, presume positive intent. Often, employees make mindless errors in how they share files and are receptive to reminders about security protocols that minimize risk. 

When it comes to training sessions, it is vital to make them relatable to the current situation. A training filled with in-office examples isn’t going to resonate with attendees. Instead, create scenarios for hybrid or remote workforces. Show employees what to do if they receive suspicious emails from company-owned domains, provide tips for securing at-home networks, or provide best-practices for an application outage, so that employees know what action to take when the inevitable happens while they are working outside the office. 

Transparency 

Regardless of how you educate your teams around safe workplace collaboration, the most important thing to keep in mind is to remain transparent about their actions. Explain to teams that security threats have only increased, and you need everyone’s help to remain secure. If you’re deploying file monitoring tools, be upfront about the reason why. Let employees know that the goal is not to spy on them but to monitor any data inadvertently exposed. Your goal is to make sure that data or IP critical to keeping the business afloat doesn’t get into the wrong hands, not to see if an employee shared a photo of their dog with the rest of the team. 

As much as it is HR, Security, and ITs role to drive strong company culture and provide the right collaboration technology, it’s equally important to instrument the right monitoring to ensure data is protected. By pivoting company best practices, and delivering technology that aligns with the present needs of employees, designing relatable training opportunities, and being transparent about strategy throughout these processes, you’ll find employees are more engaged and more bought in. Ultimately, that will lead to a more secure, thoughtful, and productive workforce. 

Let us know if you liked this article or tell us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!