Securing a Remote Workforce: Out of Sight Cannot Mean Out of Mind
By Northland Controls, Nov 15, 2022
A recent McKinsey study found that 58% of Americans reported being able to work from home at least one day a week with 35% saying they have the option to work from home full time.
And people are taking advantage of this newfound benefit. Of those with the option to work from home, over 87% of people are doing so. As a result of this cultural shift, many security professionals are now facing new challenges related to workplace safety.
One of those challenges is related to a company’s ability to fulfill their duty of care requirement, no matter where an employee may be located. According to the Occupational Safety and Health Act, all employers have a general duty to provide their employees with a workplace free from recognized hazards. And, in today’s world, that can take on many different forms.
While it’s nearly impossible to safeguard an employee’s home in a similar fashion as you would a corporate office, there is some basic responsibility to ensure an employee can perform their duties without threats to their personal health or safety. But, when they are sprawled across the state, the country, or even the world, how can teams still provide general duty of care without having total control of an employee’s space? Let’s dive into a few ways to do just this.
Security Awareness Assessments: Start by asking employees to self-identify and highlight any potential security vulnerabilities that they see within their remote office environment. This is a great way to get your employees thinking about security and raise awareness of what modern threats could look like in their unique workspace. If you’re dealing with sensitive information, for example, ask employees to pay attention to screens exposed to external windows that may make important information unknowingly accessible to passing individuals.
Security Training: Whether you’re working from a coffee shop, a vacation rental, or your own home, there are certain security concerns that need to be addressed. And by providing your employees with the knowledge and understanding to combat these threats, security professionals can build up their first line of defense: their own employees. Focus on situational awareness, identifying and reporting suspicious activity, and providing the necessary tools employees need to be vigilant in their day-to-day activities. At a minimum, include this training in new employee on-boarding and provide annual courses for all employees.
But, at the end of the day, putting the responsibly on an employee to be the master of their own safety just isn’t enough. When your corporate footprint becomes exponentially larger, including hundreds, sometimes thousands of different areas, keeping track of the types and frequency of threats can quickly become overwhelming. But, by relying on technology, such as a critical event management platform, that seemingly impossible task becomes must more realistic.
So, what is a critical event management platform and how can it help you provide a heightened level of duty of care to remote employees?
Critical Event Management
By leveraging thousands of sources of information and overlaying credible threats with employee’s geographic location, a Critical Event Management (CEM) program can serve as an instant force multiplier when securing a remote workforce.
A comprehensive CEM program gives you a better understanding of what’s happening around your employees, no matter where they may be located. When events like natural disasters, wildfires, active shooters, road closures, and local protests pose a credible threat to the safety and well-being of your employees, this type of program provides better situational awareness for a more measured response.
Armed with information and given the tools to effectively manage each situation in real-time, teams can quickly identify, assess, and communicate with affected employees regardless of if they are just down the road or in another country altogether.
There are four key components to a successful critical event management program:
Often times, teams are manually sourcing information via news outlets, social media, and word of mouth. But, with this type of methodology, it’s not uncommon to miss an event, especially if you’re monitoring multiple locations at once. With adequate threat intelligence capabilities, teams have access to thousands of vetted sources of information and can easily stay up to date on developments as they unfold. This allows for a bird’s eye view of both active and anticipated threats that could affect your employees and business continuity, sometimes even before it becomes an issue.
Once you’ve identified the threats that matter, having a targeted and informed mass notification program allows for quick communication with affected employees. While companies may have a standalone mass notification program, the addition of intelligence takes a reactive technology and makes it much more proactive. And when time is of the essence, this can have a huge impact on the health and safety of your remote workforce.
Wasted time during an event can have real consequences for personnel, assets, and partners. But, by having a unified incident management platform, teams can lean on automated workflows and consolidated data to initiate and begin coordinating response teams and resources more efficiently. By pulling in multiple sources of information into one single pane of glass, pulling multiple sources of information from disparate systems is no longer an issue.
24/7 Operational Support
At the end of the day, having the right technology only goes so far unless you have a team of trained and experienced operators to facilitate it. This provides companies with a true follow-the-sun operation that meets the demand both where and when an event happens.
While the health and safety of employees is the top priority, there can also be benefits to the bottom line for those providing this type of enhanced duty of care. Because many of your remote employees’ working conditions are out of your hands, having a proactive stance as it relates to critical events can mean better business continuity and resilience when events like power outages, severe weather, road closures, and infrastructure damage occur. By making these types of proactive decisions, companies can be better prepared for events, avert costs, and minimize downtime due to damages.
According to a study from Forrester, enterprise customers saved an average of $1.1M worth of costs associated with losses in employee productivity over three years by using a CEM platform. With a combination of proactive intelligence and improved communication capabilities, employees were able to avoid critical situations and recapture much of that lost productivity. For example, if a call center is in the wake of a major hurricane, preemptively moving operations to a different location avoids any disruption in daily operations while also ensuring employees are out of harm’s way.
At the end of the day, out of sight cannot mean out of mind when it comes to remote and hybrid employees. Instead, investing in the right technology and creating policies to support a more comprehensive and situationally aware security stance can help not only meet, but exceed, duty of care standards.
Want to learn more about how critical event management can play a role in your security program? Contact us today at firstname.lastname@example.org or check out our most recent webinar on Managing Threats Outside the Walls, here.