The Human Element: Improving security for your Hybrid Workforce

The word “hybrid” is everywhere right now: hybrid cars, hybrid foods, and the ever-growing hybrid workforce. The latter shot into prominence after the COVID-19 outbreak shut down offices and forced workers everywhere to adapt to the work-from-home lifestyle.

Prior to COVID, only 20% of the workforce worked remotely, according to the Pew Research Center. That number exploded to 71% as the world went into lockdown. As vaccines have begun rolling out, the hybrid work model (with some workers in offices some of the time and many working from home) emerged. According to SHRM.org, 55% of the workforce favors a hybrid workforce post-pandemic.

The likelihood that workplaces will go back to being fully in-office is low: 80% of leadership teams said they will allow a hybrid workforce model post-COVID, and 47% said they’ll allow employees to work remote full-time, according to HRdrive.com. One major concern from companies in the face of all this change: How does one maintain security in a hybrid workforce?

According to Ty Sbano, Sisense Chief Security Officer, the answer involves focusing on company culture through education and communication (even if it’s virtual), understanding human error and how to mitigate it, and engaging in security planning and testing.

“Culture is everything,” said Ty. “Without our sales culture and our team’s ability to provide a data analytics capability for customers, there wouldn’t be anything to protect. Culture, communication, and security are all interconnected.”

Let’s dig into some key guidelines from Ty on maintaining a hybrid culture while protecting your data and security systems.

Educate your employees to reduce human error

The emergency conditions that necessitated widespread working from home in 2020 were far from typical. Many workers had trouble acclimating, stress levels were high, and distractions were plentiful.

Due to these obstacles, 55% of IT professionals said reducing human error and training employees on how to properly operate security systems from home was their biggest challenge in 2020. Educating employees on the importance of cybersecurity and giving them open access to continued training need to start early.

In a survey from email software company Tessian (published by TechRepublic.com), 52% of employees said they were error-prone due to stress and 43% made mistakes as a result. Additionally, 52% of employees engaged in risky online behaviors at home and 48% said not being monitored by an IT team made them feel they could disregard security protocols while working remotely.

“Our senior security engineer, Aaron Brown, created a Slack bot that welcomes every new employee to the organization with a message on behalf of security and IT, so they know where to go for help.

– Ty Sbano, Sisense Chief Security Officer

This initial message and direction to the internal trust center for all things security gives employees a central location where they can quickly and easily find answers for their questions. It also provides direct links to the company’s documentation on security protocols, settings, systems, and operations.

Starting off on the right foot: Improving onboarding

When employees are onboarded, it’s crucial to provide them with security training immediately. The sooner employees understand how essential proper security measures are, the better.

“That’s why we have a member of the IT team on all remote onboarding orientations,” Ty explained. “They provide an immediate introduction to the tools we use, login set up, and processes.”

Beyond providing guidance, tools, and training, Ty believes education gives employees the asset of “self-empowerment,” noting that the more you equip your teams with the power of information, knowledge, and comprehension surrounding data security, the more confidence and desire they’ll have to enact protocols and procedures independently. Investing in your employees’ education can make them feel your company cares about their development and growth.

No stupid questions: Encouraging open communication

One downside to hybrid or remote environments is the lack of in-person interactions. Having to connect virtually may not come close to real-life engagements. However, considering many people prefer working remotely (65%, according to a PWC survey) and others are open to hybrid models (55%, according to Flexjobs.com), connecting virtually is one of the best options for maintaining company communication and fostering culture.

Ty said when COVID caused Sisense to become a full-fledged work-from-home entity, setting up communication tools like Slack; creating virtual events, gatherings, and town hall meetings; and subscribing to videoconferencing tools like Zoom created simple pathways for teams and leadership to stay connected. Contrary to many business leaders’ concern that virtual communications will hurt company culture, Ty said in many ways, the change improved culture.

“It brought us together,” he said. “We went from maintaining relationships with our respective teams to engaging with peers from all over the company.”

This connection and increased communication boosted the culture of Sisense, and that directly impacted security: “People feel connected to the company, and the result is they have something they care about protecting.”

The time to plan is now

When the pandemic hit and the world was forced to retreat into seclusion, some companies were more prepared and able to pivot effectively than others.

“It’s important to have a plan before you need a plan,” Ty said, saying that part of his role is to prepare Sisense’s internal security systems for the worst and hope those scenarios never happen. “A pandemic had always been in our sight. COVID just felt different.”

As coronavirus rampaged, claiming lives, flipping the global economy, and uprooting the habits of millions, Ty’s team had to implement their pandemic plan quickly, working out kinks as they arose.

“We adjusted our plan to fit exactly what was happening,” he said. Having a plan on paper for if and when an event hit put Ty’s team ahead of the curve. The planning phase for the security team included defining critical business workflows, creating a secure system for employees to use, and strengthening security protocols (like Zscaler) to enable the entire global company to continue working without interruption. Ty said the security and IT teams at Sisense work diligently to also test plans before they’re executed, uncovering any gaps, software issues, or better routes for security success.

In a human workforce, error will never be eradicated, but it can be managed with the right security measures. Your data will be protected, your teams will be connected, and your culture will have the opportunity to grow in a new, and potentially stronger, direction.

Remote work is the future of development.

Madie Szrom is a Content Writer at Sisense. She has more than 10 years of experience in digital marketing, working with the City of Indianapolis, Riley Children’s Hospital, Viable Insights, and others. She’s been published in Shore Magazine, the Indy Star, and Time Out Chicago. Her long-term literary goal is to write a book of essays and be published in the New York Times.