Why the Employee Experience Is Cyber Resilience
A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.
The modern workplace is changing at a pace never seen before in history. A lot of this stemmed from COVID and remote work necessities, with 74% of CFOs noting they've adopted some kind of telecommuting policies due to coronavirus challenges. Now, more than ever, the employee experience (EX) is critical for keeping us connected and productive. That applies not just from a company growth perspective, but from a cybersecurity one.
EX is a combination of three things: Policies, environment/culture, and tools. The key to addressing all three lies in empathy, as discussed in the book Empathy In Action: How to Deliver Great Customer Experiences at Scale, by Tony Bates and Dr. Natalie Petouhoff. In their book, the two position empathy as a business strategy. It’s also something that we can use to address cybersecurity.
The cybersecurity field isn’t always rewarding. It can be a relatively thankless and stressful position. COVID hasn't helped, with 70% of cybersecurity professionals reporting consistently high stress levels of cybersecurity professionals reporting consistently high stress levels. Mental health issues and even suicides are increasing among those who work in these environments. We must address the issue empathetically not just to protect systems but to save lives.
Creating a Frictionless Office Environment Through Zero Trust
Zero trust is a bit misleading, because it's a technology methodology and a policy that's all about enabling EX. With zero trust in place, access is denied as the baseline. So how does that build EX? To understand, we have to compare zero trust to the traditional office network.
This is made up of company devices, software, and workers on a separate network from the Internet. Everything touching that network has been rigorously vetted to gain a "trusted" status that allows it to connect without question. Workers are expected to adhere to strict controls, confining them to certain devices, software, and practices.
This is where shadow IT rears its head. Inevitably workers end up routing around trusted devices and software to get their jobs done, creating untrustworthy networks of tools.
To respond, the industry — led by Google — came out with zero trust. Enterprises just assume everyone — software, devices, and people — are bad actors until proven otherwise. This creates a much simpler world to defend. And simpler, easier, and more streamlined experience is what EX is all about.
Zero trust is also a means of simplifying policy, which can bleed into the next point: building a blameless culture.
Stopping Threats With a Blameless Culture
Some 43% of employees admit to making an error at work that compromised cybersecurity. It's highly unlikely that cybersecurity professionals at those companies have corresponding reports for all those incidents. People do not like to admit when they do something wrong. They especially don't like to admit it when there are potential repercussions like job loss, demotions, or other disciplinary measures.
Meanwhile, when responding to a threat, cybersecurity professionals need clear information. They will not get this in a culture of fear. That culture of fear expands to IT and cybersecurity professionals responding to incidents, as well.
With a blameless culture, there is clear transparency of the events going on at the time of a security incident. Individuals, unafraid of repercussions, come forward with key information and increase the likelihood of resolution.
Blameless culture leads right back to EX. It does not mean a complete lack of accountability, nor does it excuse any malicious action. Zero trust is about how you create open cultures that enhance the resilience of your business. Much of that centers on the tools provided to workers.
Empowerment Through Software Enablement
Software tools, especially in today’s tech-connected world, set the foundation for the employee experience. There are dozens of examples of technology improving employee productivity and happiness. The most effective, based on a Forrester study, tend to target two things:
Everyday productivity gains: Tasks that employees have to tackle every single day are the ones where they see the most benefit when technology is deployed.
Daily stress: Barriers to their ability to do their jobs stem from technology that is outdated or difficult to understand. Technology that is easy to use eliminates this stress.
Software that meets these standards is well designed and enhances tasks. It does not create new ones. When building these tools and enterprise capabilities, it's important to take that EX into account. That should occur regardless of whether that tool is aimed at a business analyst seeking revenue guidance or cybersecurity experts on the hunt for vulnerabilities.
A culture of trust, combined with tools designed around EX, work together to help organizations become resilient. When viewed through an empathetic lens, it's easier to establish the right policies and technology to help workers be happier, healthier, and more productive.
About the Author
You May Also Like
Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024