Data Security Considerations for the Work Anywhere/Any Time Workforce

June 20, 2019      By Kate Bischoff

Ultimate Takeaway
  • The rise of the remote workforce does bring several challenges, including additional data security challenges
  • Draft a comprehensive data security policy and update it regularly to keep up with new security best practices
  • Stay up-to-date with compliance regulations and partner with IT to ensure your vendors are protecting your data

From time to time, we invite guest contributors to provide their personal perspectives about trending HCM topics. The views, opinions, and comments expressed below are solely those of the author and do not represent Ultimate Software. This post was commissioned by Ultimate Software and the author has or will receive compensation for their work.

Today, many of us can work from anywhere – the beach in Spain, the mountains in Boulder, the coffee shop at the end of your street.  And, many of us want to do just that – work where and when we want to.  With the exception of some industries, technology has gifted us the ability to get out and about without missing a step. However, with the gift comes some challenges, too.

One of those challenges is data security. Data is bigger than oil. Our trade secrets, confidential business plans, failures, customer complaints, employee Social Security numbers, are vital pieces of data that we keep electronically that can be accessed via our numerous portals.  For this reason, data security must be a top concern before allowing people to work from anywhere and at any time.  Here are a few steps preserving data when employees can work anywhere:

Draft and update a data protection policy

Most organizations have a confidentiality policy that governs the organization’s data.  Confidentiality is certainly an important component of a good data protection policy, but it is not everything.  A data protection policy covers what happens if an employee loses a device or a password, who to contact if they click on a bad link or suspect someone of hacking an account (even their social media accounts), and how not to put company data on personal devices, as well as steps they should take to protect data and devices.  Drafted with the help of IT, the policy should be updated regularly to keep up with new security measures as data security continues to evolve.

Control devices

Employees love their own devices, but does your data love them too?  Each organization has to determine whether employees may use their own devices or an organization-owned device.  When data is on an employee’s device, the employee has control over it unless the organization has put some mobile device management (MDM) software on the device as well.  MDM allows an organization to remotely take its data off of the device if the employee resigns, loses the device, or engages in some suspicious activity.

Data protection is everyone’s job

If an employee has access to data (a/k/a everyone), the employee needs to understand that protecting the data of the organization is an essential duty they share with everyone.  Data protection is in everyone’s job description, and everyone receives and acknowledges the policy.  It may also mean there are consequences for intentionally reckless or negligent behavior.

Love your VPN

Wifi is not a luxury, it’s a necessity.  Yet, the wifi at the coffee shop is open for everyone who is also connected to see searches and activity from a specific computer, including the edits to the all-important proposal to your biggest customer.  This is where employees must use a VPN.  A virtual private network creates an encrypted channel between a device and the organization’s server shielding the device from snoopers.

Vet your vendors

Organizations use all sorts of data vendors from Apple and AWS to Google and Microsoft.  These vendors are moving from enterprise (meaning the software is on your organization’s computers) to SaaS or cloud-based systems.  This means that your data is on your vendor’s servers.  If your vendor has your data, what are they doing to protect it.  Is the vendor up-to-date on ISO standards?  Are you able to remove your data?  Is the vendor using your data?  If so, the vendor using your data in anonymized form only?  Are they ready for California and European Union-based data standards?  Don’t assume that a vendor who has access to your data is doing everything it can to protect it.  Spend some time learning about compliance regulations and changes and partner with IT to ensure your vendors are going to do just that for you.

Manager Mind Shifts

Just because we can work anywhere and anytime doesn’t mean our employees are available to work all the time.  This is hard for lots of managers.  For decades, managers could tell if an employee was working based on whether that person was in the office.  Now, it’s different.  Face time is dead.  But we still need to have productive employees who are able to collaborate with each other.

Out of office is a friend, not a foe

The out-of-office email or instant message status is a miracle. It tells me when Suzy is at her computer, in a meeting, or dealing with a plumber even though she will normally be available.  This expectation setting is key to creating space for collaboration with others.  By strategically using out-of-office, employees will know when Suzy is available to answer questions or provide much needed information.

Check-ins are key

Outta sight, outta mind rings true for lots of employees and managers.  This is why it is critical for managers to set up regular check-ins with employees even if the employee is working from a different location.  Check-ins should be done individually with employees as a gauge on the employee’s needs and project status and can also be done as a team to foster relationships and collaboration.

Share project status

While project managers have explained, making sure everyone is on the same page with status and their roles is important, when working with employees located across states or countries, keep the project status readily accessible.  Not only will everyone know what everyone is up to, but they may be able to pitch in where needed as well as cheer each other on when big tasks are completed.

Working anywhere and at any time is not only trendy, job seekers are demanding it.  Many, many employers will be able to accommodate these needs – we just need some guardrails like data security and slight mind shifts from managers to be successful.

Now, if you’ll excuse me, I need to go work from the beach.

To learn more about changes in employment laws and regulations, how they impact your organization, and how your human capital management (HCM) technology tools can help, sign up for our upcoming webcast, “New Legal and Regulatory Changes That Can Impact You,” led by Ultimate Software’s senior compliance advisor, Colleen Rynne, and director of compliance, Maria Luther.

Posted in:
Tagged with:

Related Posts

The Affordable Care Act and Patient Protection plan under way Ultimate Software is helping business be prepared

Navigating the Patient Protection and Affordable Care Act


The Excise, “Cadillac” Tax – Start Thinking Ahead

e-learning content

An Overview of the New FLSA Overtime Rules


One-Stop Compliance Shop – Top 19 Compliance Resources

Leave a Comment