Eighteen months into the pandemic, one word still defines our work lives: uncertainty.
Survey after survey bears this out. Some 19% of companies polled in August by PwC said they were planning to have their workforce operate on a fully in-person basis this fall. An additional 18% expected a hybrid workforce, 4% anticipated remote work, while 33% saw a mix of in-person, hybrid, and remote. Among employees, 19% said they would prefer to work remotely, 29% favored a hybrid arrangement, and 22% said they would opt to be in the office.
Whatever their preferred working structure, employers need to stay mindful of the lessons they’ve learned. On the upside, for many organizations, innovation and productivity increased and employees felt empowered. On the downside, some firms felt something was lost with a lack of in-person contact. And for many employees, the boundaries of work and family life dissolved, resulting in exhaustion and burnout.
Cybersecurity professionals, particularly, found themselves on the frontline. They started working 24/7 as employees shifted to new schedules and worked on remote devices with weaker cyberdefenses.
While the future of working arrangements is unclear, it’s safe to say that remote work will be a bigger chunk of the mix than it was pre-pandemic. With this in mind, there’s no better time for enterprises to consider and communicate their flexible working plans for their network IT and security professionals.
Here are four key strategies to consider.
Gauge views and strategize
To arrive at a work strategy that suits the needs of the business model and the needs of employees, it’s a good idea to canvass opinion. Tanium, for example, created a task force in June 2020 that brought together people from a wide range of teams and disciplines, including facilities management, finance, legal, talent acquisition, sales, and of course IT, to gauge their views.
The task force concluded that the best way forward would be to enable maximum flexibility in employee working arrangements while also providing transparency and emotional support. Tanium was confident its staff could make a call on when to work in the office and when to work remotely, using video and other online collaboration tools. The company saw it as an opportunity to both foster productivity and double down on work-life balance.
Improve work processes
By definition, security professionals have stressful jobs, with sophisticated threats coming from every direction and major security failures capable of crippling an organization. Remote working has brought with it an influx of additional network security requirements that have made the job even tougher. It means burnout is a real risk.
Hiring more people and adding technology can help, but a more effective and enduring strategy is to improve work processes. In the 1940s, Toyota created kanban, an agile workflow process, to support its just-in-time manufacturing, and kanban practices are now used in 21st-century software development. A central theme of the approach is that worker multitasking looks good on paper but rarely succeeds in practice.
A key benefit of kanban is that it visualizes a team’s workflow. Everyone can see the team’s priorities and what everyone is working on. Greater transparency inspires greater teamwork. Management can also see more easily what’s successful and what’s not and remediate sooner and more effectively.
Empower your employees
During hybrid and remote working, IT security professionals need greater support. It’s too easy to add layer upon layer of cybersecurity tools to try to lock down legacy and siloed platforms. But this approach can often make it more challenging for security pros to monitor for suspicious or unusual activity and for breaches. More important, technology is just one element of the equation that leads to improved cyberdefense. Attracting and supporting skilled security staff is the other.
Getting people and processes right requires thinking deeply about the barriers that inhibit the effectiveness of the professionals companies rely on for their defense.
It’s also important to manage dueling fiefdoms. An EY survey in 2020 found that two-thirds of companies don’t involve security teams at early stages of IT development.
Finally, to address the shortfall of available skilled cybersecurity professionals, enterprises need to look beyond graduates of four-year engineering and computer science programs. That means considering “new collar” workers, those who may not have college degrees but who possess the foundational skills and natural aptitude for tech-based jobs.
Avoid alert fatigue
With the addition of remote work, networks have experienced an avalanche of security alerts. The reality is that while some warnings are either irrelevant or minor, many need human involvement.
As remote and hybrid working continues, this isn’t a problem that’s going to get better anytime soon. And in the meantime, the toll it takes on IT security employees will continue.
To bring down alerts to a level humans and systems can manage, companies should make the leap from alert fatigue to alert awareness. They can do this by fine-tuning security tools and sensors, focusing on the alerts that matter, and bolstering staff training.
The correct tuning of security tools can make all the difference. The most successful companies have processes in place that involve everyone necessary for handling alerts. They meet weekly or more frequently to keep up with fast-changing threats.