Encouraging security resilience
Promoting security resilience for remote workers is vital to employee health and reducing business risk. In the second targeted installment of this Remote Work Risk series, I’m sharing guidance on how to keep your workforce secure. In the first focused blog, I started by addressing safety. And, of course, some of these elements naturally overlap.
Before COVID, much of employee security focused on physical environments, the work of site risk assessment, and protecting office entry. No business wants to run afoul of OSHA in the US. So, most workplaces have robust practices and a team dedicated to mitigating risks. Read on for my top security tips for your employees working from their home office or in the community.
Post-COVID practices build on earlier guidance
Understandably, much of the information I will share in this blog is not new. However, the size and scope of concern are. For many companies before the pandemic, working from home was often a privilege or relegated to employees whose roles required them to be on the road or meeting with customers face-to-face. Sales, recruiters, adjusters, shippers, mail handlers, and construction are just a few of the roles that come to mind. There are many more.
What changed with the pandemic was the number of previously office-based service workers empowered during COVID to work remotely out of an abundance of caution. To limit the coronavirus spread or protect vulnerable populations, corporations chose a response strategy to allow the majority of their workforce to telework. In many organizations, technological advances and IT teams’ yeoman’s work to support this cause mitigated operational interruptions. It’s gone mainly unrecognized through the pandemic that our people and economies would have suffered far worse without technology.
An expanded focus and new paradigm
As many companies will continue to enable their employees to telework or adopt a hybrid schedule, resilience professionals must support updated security initiatives. Most employee security teams focused on office environments. To foster resilience, security practices today encompass employee activities outside of worksites. There’s a growing sentiment that Duty to Care must include lone employees or those working outside of the office space.
Again, these ideas are not entirely new. But, the potential impact and need to ensure your employees know you are looking out for them has grown. As Everbridge suggests in a recent white paper, there’s an elevated risk for accidents and the potential risk of violence across the hybrid work environment. No organization wants to see a rise in adverse events, so the time is now to analyze and address any existing exposures.
Rise of the resilience professional
Promoting security resilience for remote workers avoids pitfalls caused by a fractured workforce. Most companies struggle to reframe and articulate their culture in the new normal. I’m not saying they are failing, but many are slow to transform their messaging and approach. Some more than others face challenges adjusting to the new paradigm.
Resilience professionals can act as advisors and guides in sharing how updating best practices for telecommuting makes sense. Some employees are expected to push back and reject return directives regardless of leadership decision-making. Or, they’ll seek new employment with companies allowing greater flexibility. Either way, it’s our role to envision pathways that support a company’s vision while delivering strategies that mitigate business risk.
Remote work security guidance
So, let’s get to it. Here are the security tips I recommend for at-home workers to boost their resilience:
- Encourage employees to set up home office spaces conducive to an appropriate workspace, free from threats.
- Direct employees to be mindful of physical security. For roles that include engagement with customers and the public, take precautions, whether in your home or on the road. Consider threats from environments that could be risky–to employees’ physical or information security.
- Advise employees to keep their work area clean and clear of potential hazards.
- Promote home fire, evacuation, and personal/family disaster planning akin to what you would do when they’re in the office. Ready.gov has information to get them started.
- The technology department should highlight the most up-to-date digital security practices for telework. Tell employees about optimal procedures for at-home, field, and travel security. Zero trust policies are becoming commonplace. Good protection applies to safeguarding work devices as well. For example, personnel must avoid public wi-fi is critical when mobile in the community or traveling.
If your company hasn’t yet developed guidance, providing employees with resources like the telework.gov checklist is helpful. I could dig much deeper into each of these items, but I am confident you will research them as needed.
Mitigating WFH risks
Well, I admit the lines between employee security (physical) and safety (mitigating or reacting to harm) can get blurred even for me. So, forgive any dual coverage between the blogs. I always look forward to your comments if you have any thoughts on this! Safety and security teams are coordinating with real estate, human resources, employee relations, and strategic groups to address WFH concerns to mitigate risk. It comes down to an expanded security footprint and increased risk management.
Stay tuned for the next blog, where I will discuss operational risks and encourage resilience. I’ll mention operational resilience, the UK rule, etc. But, I want to also address Business As Usual (BAU) risk considerations for telecommuters. As companies seek new normal post-COVID stability, implementing these preventative actions builds competency. Security for the remote workforce is as critical for those working in-office, and providing protective measures is vital to long-term resilience success.