Security in a Flexible Workplace: The CHRO’s Role in Mitigating Risk
The term “cubicle farm” is becoming less and less reflective of today’s professional workplace. In fact, Citrix (1) reports that 61 percent of modern workers now perform their duties outside the office “at least some of the time.” Additionally, 81 percent of modern workers feel positively about being able to “work from anywhere in the world,” according to ADP’s study The Evolution of Work: The Changing Nature of the Global Workforce (2).
Although offering mobility is an important step toward meeting the needs of today’s talent, CHROs must be conscious of security in a flexible workplace. By providing employees with access to mobile technology and the freedom to work remotely, both security and compliance could be compromised.
IBM (3) reports the average consolidated cost of an information security breach in 2015 was $3.8 million. Few organisations can afford to absorb the risks of poor mobile worker security or delay the introduction of a flexible workforce policy. CHROs must take steps toward internal collaboration and policy building to mitigate the risks of a flexible workplace.
Why a Flexible Workplace Matters
For today’s talent, flexibility is viewed as a critical tool for achieving work-life balance. According to Money (4), citing a study by Ernst and Young (5), among the generations in the workforce, Millennials “are the most willing to take a pay cut, pass up a promotion, or even relocate to manage work-life demands better.” They want flexibility in where and how they perform their jobs.
Although the recent trends toward telecommuting and employee mobility is largely driven by talent, the Society for Human Resources Management (6) writes that both employers and employees can benefit, citing 95 percent of surveyed employers who report that telework improves their ability to retain talent.
The Importance of Security in a Flexible Workplace
A flexible workplace carries information security risks that aren’t present in a traditional work environment. Bring your own device (BYOD) and cloud-based applications are two of the biggest information security vulnerabilities at modern organisations, according to CIO (7). But 77 percent of employees feel positively about being able to perform “all work from a mobile device,” according to ADP (8).
Poor employee awareness and education can introduce one of the greatest sources of risk into the enterprise, which is human error. Although employers are able to protect on-site workers with internal security measures, such as a secured network, the volume of possible vulnerabilities increases as employees work off-site using company-issued or personal devices.
Forbes (9) reports that there are five crucial areas of information security consideration for a flexible workplace:
- Employee training
- Crisis planning
- Secured resource access
- Company-issued equipment
- Mobile device management
For CHROs with an existing flexible workplace policy and their peers who are considering implementing employee mobility, a comprehensive plan to diminish risks is critical. HR departments must work to ensure their mobile workers aren’t putting their organisation at risk because of a costly information security attack.
How to Mitigate Mobile Workforce Risks
Information security is a complex and evolving field that involves a variety of disciplines, including information governance, risk mitigation and business continuity planning. In order to develop effective policies, implement training, and procure the right technologies to support security in a flexible workforce, CHROs must develop close relationships with staff information security experts. ITProPortal (10) writes that CHROs should consider the following questions when shaping a collaboration with security experts:
- Can mobile workers securely access the data they need from any location?
- Are data assets protected from unauthorised access?
- Can mobile workers continue to work if they experience a technology failure?
The result of this vital collaboration will facilitate productivity, while mitigating significant risks.
Building HR Policies to Protect Information Security
For CHROs without extensive on-staff expertise, building a secure flexible workplace can be a challenge. Obtaining C-level endorsement for the resources needed to create security policies should be a critical first step. CHROs should lobby for the resources needed to build a security program, which will likely entail the acquisition of new technologies, introduction of new HR policies and development of robust training courses for employees who will be working remotely.
Perhaps most importantly, CHROs should consider leveraging the expertise of consultants if their staff information security expertise is lacking.
As the U.S. job market becomes more competitive and employees continue to advocate for flexible work environments, a future that consists of a largely mobile workforce is entirely possible. CHROs must, therefore, advocate for flexible workforce programs that aid retention and recruitment efforts, while facilitating employee productivity and minimising risks. Through collaboration with internal or external information security experts, HR departments can expect positive outcomes.
For more information on the future of the flexible workplace, download the report: Evolution of Work: The Changing Nature of the Global Workplace (11).
Please see the original blog post here: http://www.adp.com/spark/articles/security-in-a-flexible-workplace-the-chros-role-in-mitigating-risk-10-278
By Jasmine Gordon