Security in a Flexible Workplace: The CHRO's Role in Mitigating Risk

Security in a Flexible Workplace: The CHRO's Role in Mitigating Risk

This article was updated on July 31, 2018.

The term "cubicle farm" is becoming less and less reflective of today's professional workplace. In fact, Citrix reports that 61 percent of modern workers now perform their duties outside the office "at least some of the time." Additionally, 81 percent of modern workers feel positively about being able to "work from anywhere in the world," according to the ADP Research Institute® (ADP RI) report, The Evolution of Work: The Changing Nature of the Global Workplace.

Although offering mobility is an important step toward meeting the needs of today's talent, CHROs must be conscious of security in a flexible workplace. By providing employees with access to mobile technology and the freedom to work remotely, both security and compliance could be compromised.

IBM reports the average consolidated cost of an information security breach in 2015 was $3.8 million. Few organizations can afford to absorb the risks of poor mobile worker security or delay the introduction of a flexible workforce policy. CHROs must take steps toward internal collaboration and policy building to mitigate the risks of a flexible workplace.

Why a Flexible Workplace Matters

For today's talent, flexibility is viewed as a critical tool for achieving work-life balance. According to Money, citing a study by EY, among the generations in the workforce, millennials "are the most willing to take a pay cut, pass up a promotion, or even relocate to manage work-life demands better." They want flexibility in where and how they perform their jobs.

Although the recent trends toward telecommuting and employee mobility is largely driven by talent, the Society for Human Resource Management writes that both employers and employees can benefit, citing 95 percent of surveyed employers who report that telework improves their ability to retain talent.

The Importance of Security in a Flexible Workplace

A flexible workplace carries information security risks that aren't present in a traditional work environment. Bring your own device (BYOD) and cloud-based applications are two of the biggest information security vulnerabilities at modern organizations, according to CIO. But 77 percent of employees feel positively about being able to perform "all work from a mobile device," according to ADP RI.

Poor employee awareness and education can introduce one of the greatest sources of risk into the enterprise, which is human error. Although employers are able to protect on-site workers with internal security measures, such as a secured network, the volume of possible vulnerabilities increases as employees work off-site using company-issued or personal devices.

Forbes reports that there are five crucial areas of information security consideration for a flexible workplace:

  • Employee training
  • Crisis planning
  • Secured resource access
  • Company-issued equipment
  • Mobile device management

For CHROs with an existing flexible workplace policy and their peers who are considering implementing employee mobility, a comprehensive plan to diminish risks is critical. HR departments must work to ensure their mobile workers aren't putting their organization at risk because of a costly information security attack.

How to Mitigate Mobile Workforce Risks

Information security is a complex and evolving field that involves a variety of disciplines, including information governance, risk mitigation and business continuity planning. In order to develop effective policies, implement training, and procure the right technologies to support security in a flexible workforce, CHROs must develop close relationships with staff information security experts. ITProPortal writes that CHROs should consider the following questions when shaping a collaboration with security experts:

  • Can mobile workers securely access the data they need from any location?
  • Are data assets protected from unauthorized access?
  • Can mobile workers continue to work if they experience a technology failure?

The result of this vital collaboration will facilitate productivity, while mitigating significant risks.

Building HR Policies to Protect Information Security

For HR leaders without extensive on-staff expertise, building a secure flexible workplace can be a challenge. Obtaining C-level endorsement for the resources needed to create security policies should be a critical first step. HR leaders should lobby for the resources needed to build a security program, which will likely entail the acquisition of new technologies, introduction of new HR policies and development of robust training courses for employees who will be working remotely.

Perhaps most importantly, HR leaders should consider leveraging the expertise of consultants if their staff information security expertise is lacking.

As the U.S. job market becomes more competitive and employees continue to advocate for flexible work environments, a future that consists of a largely mobile workforce is entirely possible. HR leaders must, therefore, advocate for flexible workforce programs that aid retention and recruitment efforts, while facilitating employee productivity and minimizing risks. Through collaboration with internal or external information security experts, HR departments can expect positive outcomes.