A solid security strategy is adaptable. It should evolve as the work environment and threats to your company’s security change. Versatility is even more important in a hybrid work environment, a new-to-many flexible working model that’ll no doubt come with some growing pains. Improving your programs in a dynamic environment starts with understanding how well your security programs are working. In this post, we’ll go over a few ways you can do that.
Perform regular security assessments
First, it’s important to conduct security assessments on a regular basis. This will help you keep a finger on the pulse of your security across offices and remote locations. To see how your programs are performing over time, compare the results of the current period to previous ones. You’ll be able to pinpoint areas to improve and see which programs have helped reduce risk to your security. Need help with your hybrid work security assessment? Check out our toolkit.
Keep track of incidents over time
On top of assessing your security, you should monitor the number of incidents that occur over a period of time. Every incident has the potential to significantly impact your business. Taking system downtime as an example, the cost of downtime is $67,000 per hour.
By noting when an incident takes place, you can see whether the security changes you’ve made have had an impact and act accordingly. Here are a few examples of incidents some companies track:
- Health-related office closures
Quantitative data is important, but it only gets you so far. Qualitative metrics will help you see the nuances in your security programs. In the next section, we’ll dive into several ways you can get feedback from employees to inform improvements.
Collect employee feedback
Speak with employees to understand security gaps that your team’s assessments may miss. To collect a wide range of feedback, talk to employees who come into the office regularly as well as those who are remote. This information adds context to the work your team is doing and explains what numbers alone can’t reveal.
Interviews are a great way to learn from employees responsible for enforcing your security programs, like an HR manager or front desk attendant. These conversations can give you new insights into your programs so you can improve them. Present the conversations to employees as an opportunity for you to learn about the work they’re doing. This will ensure they focus on the information that’ll be most helpful to you.
Organize a focus group
Focus groups gather a small group of people across your company to discuss a topic. To capture a mix of opinions, include employees, supervisors, managers, and department heads. Keep the groups under 10 people so everyone can take part in the discussions. These conversations can help you understand how a new program is going and how you might improve it. Your role as moderator is to ask questions, listen, and learn.
Shadowing an employee is a way to learn first-hand how your security policies and procedures are executed. Ask the person you’re shadowing to perform a role or task as they would normally. Watch for anything the employee does differently from their peers at other hubs. Be sure to ask questions about what they think can be done better or differently.
Understanding whether your security strategy is working is key to staying on top of threats. To ensure effectiveness, keep track of the metrics that matter to your business and involve employees who can help improve your understanding of your programs. Want to learn more? Download our ebook, An executive framework for scaling hybrid work security. In it, we show you how to perform a full security assessment for hybrid work so you can protect your company’s people and critical assets.