By Susan Friedberg
Over the past two years, workers around the globe have reconstructed their workplaces, as driven by health guidelines to prevent the spread of COVID-19. Many employees are not back at the office and instead continue to work from home remotely or work hybridly, reporting to an office on a part-time basis. Regardless of where the employee works, the security policies and procedures that were in place when 100% of the workforce was in the office no longer apply to the current workforce.
The GSX session, “Adapting Workplace Violence Strategies to Accommodate a Modern Flexible Workforce,” explored how workplace safety needs have changed and discussed how security leaders are now able to integrate learnings from the past two years to build new programs that protect employee and company safety. Even if employees are not in the physical office, employers are still responsible for providing a safe workplace.
Presenters Deb Andersen, PSP (Security Administrator, Physical and Cyber Security at MWI Direct) and Robert Achenbach (CSO and Director, Corporate Security and Safety at First National Bank of Omaha) shared how the core principles of developing a security program have adapted and evolved to support a new, diverse, workforce.
Leverage the Environment and Understand the Impact
Access management is considered the first line of defense for protecting onsite workers and employees. Security providers must first consider: who are we responsible for and where do they operate?
Classifying occupants and identifying the risks that come with where they report is a good place to start. Determine where employees sit – are they on or offsite, and depending on their seat, what sort of security privileges or access to physical assets or cyber information do they have? Does access to information and tools need to be different if they are in the office or working remotely?
Look at how traffic has changed in and out of the office. Employees that are reporting to an office are decreasing in number, but they may not be the only ones accessing an office building. Security leaders must continue to prioritize all categories of occupant access and their associated inherent risks. Many offices share a building with other tenants, who may have varying degrees of access to the building. Additionally, vendors, technicians, and other support staff will still need intermittent access. Guests that come onsite, whether preplanned or not, need to be monitored, and if the office has public access, office security must also continue to consider unplanned arrivals.
Understanding the Workplace Environment, Pre- and Post-Pandemic
When employees were completely in the office, security teams had direct, physical access and the ability to monitor activity and engage in safety-related activities. Pre-pandemic, employers could directly communicate in the office via speaker systems, run onsite drills and emergency planning, and understand the flow of employee traffic via access controls.
Today, those practices need to be adapted for the remote workforce; we may not always know where employees are seated, whether in their home office or elsewhere, but employers can continue to monitor the information they are accessing while remote. Security teams are also now considering societal stress levels that have become commonplace for remote employees, from social isolation, reduced resources, supply chain delays, and changed communication access to their teams, management, and leadership. Larger companies may have had the resources to provide a comfortable at-home workplace, but most employers needed to adapt existing resources to fit the needs of their teams.
Ultimately, the most important prevention measure for mitigating workplace stress is to build trust within the workplace, provide open communication channels with key leaders, and have open and transparent policies. For example, new communication technologies available today can deploy mass notifications or provide secure communication channels via an employee’s phone. No worker needs to feel isolated in their own home – smart policies can continue to engage them and ensure they feel seen and heard.
Changing the Training Environment for Onsite and At-Home
As there is no longer a singular workplace, there is no longer a one-size-fits-all approach to safety training. Employers need to have a full view of who is on-site to protect them against workplace safety risks and to provide them with training and resources to respond safely or evacuate.
For occupancy-related emergencies, onsite employees need to continue emergency response training, from locating first aid or fire extinguishers, knowing evacuation routes, and assigning and identifying team members who have a specialized role in emergency management, such as de-escalation or mental health emergency training.
Offices with a force protection team may need to update their training based on how many people are in the office on a given day. New technologies, such as unmanned check-in or access points, or AI-driven identification cameras, can help establish occupancy and access and streamline response efforts. Force protection teams can continue to conduct site surveys and identify new operational vulnerabilities and any consequent gaps in employee training, policies, or security equipment.
Communication is key for offsite workers, and employers can adopt new strategies to engage all employees. Hybrid workers who are not available onsite for training may need access to virtual simulations and office blueprints. Remote employees may benefit from internal newsletters with regular updates on security tips – from reminders about password management, clean desk policies, and any new information or policies they need to consider as they remain fully remote. In an emergency, remote workers can be relied upon for business continuity and should also understand how to support the company in the event of an emergency or event that would otherwise prevent their access and communication with leadership, management, and fellow employees.
All departments of a company, from security, legal, HR, and leadership, must come together for a complete approach to reaching all employees, regardless of their location. Each team has its own line into company risks and vulnerabilities and has a department-level approach to incident response and post-event recovery. All parties and approaches need to be considered if the company is to take a converged approach to safety and policy enforcement.
Holistic Security Brings Onsite, Offsite, and Hybrid Security Models Together
Security leaders and employers create healthy, safe working environments when they continually test all aspects of their security program, share information, and adjust, adapt, plan, and execute. In return, security leaders and teams build better relationships, meet the expectations of the leadership, and get to keep a finger on the pulse of their organization’s vulnerabilities and needs.
Our current and future workplace is supported through leadership and security partnership and transparency, with the objective to continually improve the organization’s security and posture while complying with workplace safety regulations and promoting a healthy and safe place to work. Remote work remains a new model, and regulators are now beginning to assess what standards need to be in place to protect offsite or remote workers, as employers remain responsible for their safety and well-being.
New security elements being explored include ensuring employees have the tools to be successful and supported, from access to secure Wi-Fi networks, appropriate equipment, cybersecurity, and access control. But beyond the tools that an employee needs to complete their job, employers are now considering how their duty of care is evolving, and how to check in with employees to ensure their home workspaces are safe from domestic violence or unrest, that their workplace tools are secured against theft or damage, and if employees need access to new employee assistance programs or mental health resources to support their transition into a fully remote work environment.
Today’s workplace is diverse and will continue to evolve, and security providers understand there will never be a silver bullet resource that addresses all elements of security, from protecting critical assets, information, and people. Workers around the globe have been able to enjoy the benefits of a remote or hybrid work model, and employers want to continue to provide this resource, but not at the expense of the company or their employees’ safety. By continually assessing the security landscape and taking advantage of innovative technologies, security providers and companies can support workers where they perform best and support continual operational health and growth.
For more information, contact:
Deb Andersen, PSP, Security Administrator, Physical and Cyber Security at MWI Direct (LinkedIn)
Robert Achenbach, CSO and Director, Corporate Security and Safety at First National Bank of Omaha (LinkedIn)
Susan Friedberg is the Director of Communications at Pronto.ai and Pollen Mobile and an ASIS Member. Reach her on LinkedIn.