Scaling your security strategy to accommodate a remote workforce is no longer optional — it’s essential.
Lots of employees have suddenly and rapidly climbed aboard a new work environment, and agencies need to provide them with secure virtual workspaces.
Why, you ask? Well, the fact is, productivity and security go hand in hand. If employees don’t have reliable access to the resources they need, they will look for shortcuts and workarounds, even downloading software that isn’t approved — and all of that can introduce security risks.
This isn’t about not trusting your employees and coworkers. It’s about managing potential risks proactively.
With that in mind, here are three best practices to ensure that employees can work effectively and securely while at home.
1. Prevent disengagement
Remote work is no longer vaguely temporary. Many employees will likely continue to work from home for the time being, and even as organizations return to their offices, telework will be more common than before.
That’s why it’s critical to think about long-term employee engagement in remote work environments.
To deter disgruntlement, be proactive in your interactions. Use technology wisely to increase face-to-face visibility by turning cameras on. It’s a small change that can make employees feel more connected.
Also, communicate desired behaviors with empathy. In the midst of a crisis, even normal work routines can become increasingly challenging. Everyone is balancing work with their personal situations, like caring for children, nursing sick loved ones, struggling with mental health, losing income and more. By treating employees with patience and understanding, they are less likely to burn out from the added stresses and are able to be more productive.
2. Beware of changing behaviors
Many tried and true processes that worked in the office could be ineffective as employees work from home. In this environment, people will be more likely to embrace tools that help them get their jobs done, especially if they’re stressed — and often without asking if it’s approved by the IT department. This kind of “shadow IT” will naturally proliferate in any agency that doesn’t provide well-supported tools to enable workforce productivity.
IT teams must be proactive about communicating new processes and desired behaviors. If possible, work with employees to make it safe to use the software they prefer, and you’ll remove their incentive to take unnecessary risks.
In any case, make a point to reiterate best practices to reduce risk, particularly where sensitive data is involved.
Think about ways that you could make it easier for employees to do their jobs. What other collaboration capabilities do you need to provide? Where are employees’ pain points? And what kinds of solutions or strategy shifts can ameliorate them?
3. Protect your data, wherever it is
Employees need to be free to work from anywhere without fearing their data will be compromised. With more people working from home, more employees are relying on cloud services and applications. This heightens the importance of modernizing data protection strategies to focus on supporting employees wherever they are.
That could mean updating data policies to be risk-focused, instead of compliance-based. Or it could involve expanding visibility into cloud applications and data movement.
Solutions like data loss prevention policies and cloud access security brokers can help.
DLP policies are solutions that protect sensitive data. They monitor, notify and sometimes block confidential data from getting into, or escaping from, the wrong hands.
Cloud access security brokers, or CASBs, let you see how employees are connecting to IT resources and what kinds of sanctioned — or unsanctioned — applications are being used.
Integrating both DLP policies and your CASB together can help patch any potential sites of data leakage, ensuring your data protection is risk-based and meets compliance.
This article is an excerpt from GovLoop Academy’s recent course, “5 Strategies to Enhance Security for Productivity While Remote,” created in partnership with Forcepoint. Access the full course here.