Tips and considerations for productively managing a distributed workforce in the new era of remote work

As we come to the close of the year, we can say that 2020 has been a very long decade. Along with the personal difficulties and uncertainties, businesses faced a real struggle as they navigated how to keep the lights on and their people employed.

During these early months through the Spring and Summer, survival for businesses was the name of the game, finding work arounds to implement stop gap measures as they moved their operations remote.

Some companies handled the Great Scramble of 2020 better than others.

But now in the Winter months as we round the bend into 2021, those businesses that have made it through are settling in for the long haul, preparing themselves for the future of work that we are likely to be dealing with in the years to come. They are asking themselves how they can position themselves to not only survive whatever comes next but actually thrive as we enter the next stage that we can refer to as Phase II.

Addressing the New Realities of Work

Even as the vaccines are showing promise, the world of work as we know it has undergone seismic changes. Assumptions that work will always be done by employees showing up to use the resources available to them at the office have gone out the window.

Major corporations like Microsoft and others have told their employees that they may never have to fully return to the office. Others will only have to come in 50% of the time.

Though many have already begun to implement hybrid models where some team members are showing up at the office for specific meetings or projects a few days a week or month. These decisions, brought on in part by fears of new virus-type events that will prevent a full return to office, along with the possibility of significant savings in real-estate costs and access to a wider range of talent located across the country/world, are shifting their thinking towards questions of how can they accommodate a sustainable remote/hybrid future of work for their organizations.

These businesses now understand that they will need tools that allow them to work uninterrupted, both in or out of the office as needed.

The first casualty of the new future of work is the concept of working with legacy, on-prem solutions that require employees to work on local machines at the office from within the company’s predefined firewall. This has led to a rapid transition to cloud solutions that allow access to all the applications and resources that an employee may need to do her work, no matter where she is located.

Moving headlong into the cloud infrastructure-based future is not without its challenges. It means managing security and access through identities that will need to be handled by IT teams, even as the responsibility for the running of those applications and resources (think Office 365, AWS, and the like) will be increasingly, though not solely, on the shoulders of those cloud service providers.

But beyond those basic questions about how employees should expect to access their tools, there are still significant questions about how companies need to manage how they secure their day-to-day operations. What about protecting IP or other sensitive data from threats from within and outside the company? How to balance security with productivity?

One challenge that managers are likely to encounter is how they oversee workers. With a distributed workforce, managers need to both trust their teams more while still finding methods of applying metrics and enforcing expectations. Employee monitoring solutions, when calibrated to the organization’s culture, can help to bridge the comfort gap and make it easier for organizations to let their employees continue to work remotely without being concerned that they are going to experience a drop in productivity.

In hopes of helping organizations to overcome these challenges as they prepare themselves for the long haul, we have prepared a review of some of the essential technology and people management ideas that should be taken into account.

Technological Solutions to Security Risks

The first priority for organizations thinking about how to work securely once they go remote is how to provision access for employees to reach the resources that they need in order to do their jobs.

As more of the workload moves over to cloud-based application services like SaaS, IaaS, PaaS, and basically pick anything to fill out the “X” in something as a service, it matters far less where a person is trying to access said service and more about confirming that they really are who they say they are.

A lot of smart people have put a lot of thought into technologies that help to make our “access from anywhere” more secure. While these tools are important, unfortunately most organizations are still playing catchup and need to start at the basics. Especially in a remote working environment where it is significantly harder to authenticate identities.

Multi-factor Authentication (MFA aka 2FA) is the idea that having a password (something that you know) is not enough to ensure security. Ideally you want to add an extra layer of security by having the employee enter a second piece of information from something that they have.

Passwords are exceedingly weak in general. An estimated 81% of breaches occur from compromised passwords and 73% have told researchers that they reuse passwords between their personal and work accounts. While password managers are helping to make password management easier, we recommend that all organizations set up an MFA program that makes signing into accounts just a little bit more secure. Many great companies like Okta, Duo, and others have products that make it easy to implement and enforce policies.

For many employers, moving to a remote working environment suddenly without making a cultural shift can be a little bit scary from a control point of view.

At the office, managers can observe employees, ensuring that they are staying more or less on task and not doing anything that could compromise the organization’s valuable data. So when employees are all of a sudden out of the office, managers may find it useful to incorporate an employee management tool that lets them track what exactly employees are up to.

These tools can have an impact not only on productivity but also on security. Being able to monitor what they are accessing, where they are transferring data to, and other actions can play an important role in enforcing company security policies. This is particularly important for more sensitive industries that place a high regulatory importance on standards for handling data like financial transactions, health records, and government business.

It is important to be transparent with employees about how these tools are being used. Nobody wants to feel like they are having their privacy intruded upon, but if rolled out in the right way, these tools can help to head off many potential issues before they occur. At the end of the day, the most effective way to ensure security is through how you train your employees.

Avoiding Scams

One of the biggest threats to companies during the COVID-19 pandemic has been phishing emails that can lead to the theft of credentials as well as business email compromise.

Training employees to spot these emails that may appear to come from the IT department requesting access to their work email account is important for preventing these kinds of attacks. If credentials are stolen, then an attacker can use them to move laterally within a network, escalating privilege to reach higher level accounts where they can do more damage.

Another serious threat comes from hackers pretending to be a vendor or even a manager, asking the employee to do something that may compromise the business. Oftentimes, this will come as a request from the CEO to make a payment to a different account than normal for some sort of transaction. In some cases the CEO’s email may have been hacked. Or perhaps they just cleverly make the name look like it is the CEO while using a different email.

In all of these cases, it is important to train employees to step back a second and verify on a secondary channel, like picking up the phone, and checking that it is really a legitimate request. This is doubly important in remote work where the employee cannot turn to the person next to them for a second opinion or simply walk down the hall to ask their boss if they really wanted that million dollar transaction.

Changing the Culture by Setting Expectations

Even as many aspects of our lives are still up in the air regarding school for our children and other day-to-day concerns, organizations need to explain to employees what they expect of them while they are working remotely.

Clarity of policy is key. While exceptions can always be worked out like they were at the office, confusion over what is expected of employees can breed anxiety and unnecessary conflicts.

So be clear.

When do you expect employees to be online and available?

To be sure, expectations will depend on the types of work in question. Shift work is fairly straightforward as far as to which hours a worker is expected to be online. Alternatively, positions that are more independent where each person has their tasks to work on will require more nuance.

Some employees are likely to figure out that they are actually more effective during non traditional work hours. They might prefer to go for bike rides with their children and errands in the mornings and then work later into the evening and night.

Moving away from the structures of the “must be in the office” mindset is critical for this to work. Clear communication is what will facilitate this shift and must be worked at.

Laying New Ground for the Future of Work

This year has brought with it its fair share of tragedy and the implications of the lives and jobs lost during this period will reverberate for years to come. However, with every great quake comes new opportunities to rebuild back stronger and more resilient.

Organizations are looking for ways to rethink how they work, what they expect from employees, and how to manage distributed workforces. Most importantly, they are asking questions, including ones that examine if perhaps we are due for an institutional shift from the hourly model of work to one that looks more at output.

Surely this sort of shift is likely to have challenges pertaining to legal standards of wage to hours and reporting, but the reality is that for many sectors, this has been the norm for some time. Especially in the tech sector that has long had a leg up on the remote work situation. Maybe it is time to take the opportunity and really embrace productivity as the metric.

Organizations understand that at this point, there is no going back to the way things were. You can only run on crisis mode for so long before making the shift to something more tenable over the long run. Moving forward and returning to profitability will require organizations establishing systems that will allow them to work flexibly and effectively. Adaptability on the part of leadership is even more important than that of the people themselves.

Now is the time to make the shift in thinking from one of treading water and simply surviving, to one where we are thriving and have the capacity to be forward thinking once again. Those that are able to transition fast enough by adopting the right technologies and cultural changes will be better prepared to capitalize on the future of work as it continues to take shape.

This article was originally posted on IT Security Central and was reprinted with permission.