Jemma Davis, Founder of Culture Gem, calls for companies to combine support and knowledge with secure tech to create a secure remote workforce.
Let’s be honest, we’ve embraced and transitioned into remote working pretty well over the last couple of years. It wasn’t too much of a headache. We managed to requisition every available laptop on the market to keep the business wheels turning. We even managed to sprinkle in some security practices to build a vast population of “secure” remote workers… but are they actually secure?
What is a secure remote worker?
If you do a search, it seems that an organisation just needs tools and software to create a “secure” remote workforce. Think VPNs, desktop apps, remote desktops, and endpoint protection.
But are tools and solutions really all that is needed or have many organisations just got a lot of workers with secure technology? There’s a bunch of extra stuff added to a machine, with no explanation. All they seem to do is add time to a user’s readiness to work so these tools will often be resented or bypassed for an easier life.
Imagine going to your parents or even grandparents’ house and installing a bunch of stuff on their devices. You tell them they need to use it, without any training, explanation, or interpersonal support. Or maybe you explain that it’s not safe to use a device without all this stuff.
When was the last time a technical team member sat with anyone over a cuppa and said, ‘let me help you’? We are busy people, but this is our job, this is our business, and these are our people who keep us in a job and keep our businesses running.
An organisation’s workforce aren’t just end-users, they are people. Everyone has differing life experiences, interests, information absorption methods, and a blanket approach of remote working, technical support or instruction cannot succeed. Treat them like people, and they’ll often spend a few extra seconds following the new ways of working and accessing the new tools, in secure manners, when properly briefed or instructed.
Combining support for people alongside tech
We’ve got the worker with secure technology, and we understand that a user is a person. So now we have a human person using secure technology. That must be a “secure” remote worker now, right? Wrong!
Just like tech, there are so many specs of a person, there are optimum working conditions for people, and just like tech, people sometimes need a bit of support.
To secure a remote workforce, an organisation must understand who they are, their role, the world they exist in, and provide them with secure tech, with support to understand the new world they live in.
Let’s consider for a moment human motivation, the driving force behind every human action. How many organisations know their team’s motivators and if they’ve changed during the pandemic? What risk do these motivators pose to the business?
Now consider motivators, along with access controls, how many would still be confident they have a secure remote workforce? For example, look at whether customer service agents living in shared accommodation have been reminded since their annual infosec e-learning to lock their screen when they go to the bathroom. Or whether the payment card handlers process to repeat credit card information back to the customer is within earshot of those not authorised to access this data?
Securing a remote workforce takes much more than secure tech; it requires a risk assessment.
It is only by considering living conditions, access controls, motivators, data processing, and general well-being that an organisation will have the knowledge and the need to create a secure remote worker. The secure tech adds to a worker’s secureness.
After all, no one would hand out a parachute, without also giving instructions on how to secure and use it.