Council Post: How To Protect Your Business’s Data As Employees Return To The Office
Mark Roberts is CMO at TPx Communications, responsible for marketing worldwide, driving growth opportunities and building brand recognition.
When it came to security, much of the world was forced to keep their networks and teams safe while working remotely over the past year. But if workers start returning to their in-office desks in more significant numbers, organizations should not forgo their attention to security.
While we largely adapted to remote work, we’ve spent significant time focused on keeping the network safe from afar. As the CMO of a company that offers managed security solutions, I worry that companies have neglected the office and may be unprepared for the reopening — from a technological standpoint.
When I think about bringing teams back into the office after months of working remotely, it seems like the office could be a company’s proverbial “soft underbelly” — unless the team prepares.
Reassess Your Data And Devices
And, as I mentioned in my last piece, security matters more than ever for small- to medium-sized businesses (SMBs). Unfortunately, as IBM highlights in its Cost of a Data Breach Report, the costs of ignoring the threats out there are potentially catastrophic; not all companies are prepared to react appropriately, and a 2019 survey commissioned by the National Cyber Security Alliance found that 10% of small businesses went out of business after a breach.
Here are a few points for companies large and small to consider as they weigh their next steps.
Because they had to adapt to employees working remotely, some companies may have relaxed their security protocols or looked the other way on some infractions. The first step in returning to normal is to assess and document where your data lives.
With workers connecting to their home or public networks, companies that did not have the proper security protocols could be in for a surprise when employees reconnect to the office network.
Some may have moved away from using VPNs or even allowed employees to use personal devices for company business. The proliferation of people using personal devices for professional purposes could pose a significant security threat.
Additionally, did employees use their work devices for personal reasons or download unauthorized software when they thought the IT team was otherwise occupied? That’s not really a question companies want to leave to chance.
It is probably safe to assume there have been some mixed messages amid the chaos of the pandemic; we did what we needed to succeed, and it’s commendable. But I think it’s time to put those approaches in the rear-view mirror and take a more forward-looking approach, especially on the security front.
I’m sure most would agree that corporate security policies aren’t exciting, but they are in place for a reason. These policies are part of the bedrock of future success.
Remember That Policies Are Just Pieces Of Paper
If your employees are returning to the workplace, now is the time to reinforce expectations. Some organizations undoubtedly forewent vulnerability sweeps and mandatory security patches or upgrades for their teams’ laptops. Some believe that hackers could have already infected corporate computers and are “lying in wait” for their targets to reconnect to office networks behind firewalls.
So in returning to the office, we may have to immediately reenter a different quarantine — a local area network (LAN) where everyone returning to the office can connect and upgrade their devices before connecting to the primary network. This way, if there is a problem, it shouldn’t bring down the entire company.
Too often in business, companies forget that their policies are just words on a page. They don’t mean much to most employees; they likely just “check the box” when they’re required to review policies and may not bother to understand what these policies mean.
It’s time companies change the modus operandi. Companies should bring their employees into the process to give them a sense of ownership.
Revisit The Message
Companies shouldn’t make security protocols a committee decision; someone should take ownership and make decisions that are in the company’s best interest. But organizations would be remiss if they didn’t bring their teams into the dialog to understand how decisions affect everyone involved.
Bringing teams into the conversation can make mandates feel less like directives and more like team efforts where everyone plays a substantial role in the company’s success.
The one aspect of life that didn’t change during the pandemic is the importance of data privacy. It was paramount before the pandemic and will likely remain so in the new era.
As we move further into 2021, companies should recognize that the data they are entrusted to protect comes in many forms. It is no longer confined to company networks and the corporate secrets they hold.
Consider that some offices may implement new procedures, such as temperature checks and other health-screening measures. Companies should be clear about how they plan to use and safeguard this data.
Team members may understandably want to know what their leaders are doing to protect personal and company information. Therefore, you should refine the security message moving forward to place employees’ concerns alongside the company’s interests to show teams the organization values them as individuals.
The time when companies could govern by decree is over, as I believe it should be.
More than ever, team members need to hear from their leaders — not in a holier-than-thou manner but in a reassuring way. Some of the protocols for reentering the office may seem cumbersome, but they are in place for a good reason: They are necessary.
These are difficult conversations that no one wants to have, so organizations need to have them. Leaders should deliver the message without sounding sanctimonious so everyone hears it and doesn’t tune out.
But more than anything else, let’s remember that this will be a significant transition for everyone. Be sure to add some patience and levity to the situation.
At this moment, a little can go a long way. Making your employees feel valued doesn’t require any investment, and taking even small steps can help keep companies safe.
In my opinion, taking action is not an option; it is a necessity in today’s landscape. Don’t be outflanked by hackers or bad actors who want to harm your company.
Originally published at https://www.forbes.com.