Two leaders at CWB — Jeff Wright, Senior Vice President of Client Solutions, and Cory Gould, Chief Information Security Officer — recently participated on a Canadian Chamber of Commerce webinar to help other business leaders move through the thickets and back onto a road that can be followed. They have come up with three key takeaways to apply to business operations moving forward.
1. Meet your employees where they’re at, and offer assistance to continue forward
The line between personal and professional life is now more blurred than ever before. Employees working from home may be tempted to stay online beyond regular working hours, and many are forced to juggle the responsibilities of full-time employment with unexpected full-time home management or childcare. To help rebalance the scales, Jeff recommends being more intentional with your interactions with staff in addition to providing tactics and opportunities to keep work from bleeding into home time.
“We have to be more intentional with our connections now,” says Jeff. “People are dealing with a lot more stress beyond work at the moment, and we want to be able to flex and adapt to whatever they’re trying to deal with.”
At CWB, this includes offering fun opportunities to connect and disengage from the workday stress, like all-employee concerts, stand up shows, virtual celebrations for Canada Day and multicultural week; anything to help employees enjoy their time and avoid feeling too isolated.
“We also realized that many employees weren’t equipped to work from home long-term,” Jeff continues. “Working from home is not just for a few months, so we made it possible for employees to order essential office supplies directly to their home so they can be comfortable and productive.” These simple but meaningful steps help keep staff engaged and connected with the company as everyone moves forward together. And as the landscape continues to shift, so does the approach.
“There is a portion of the workforce that is quite risk averse about health concerns,” explains Jeff. There’s a group that believes the world will return to normal after a vaccine and another group that says they’ll never sit in a meeting room again. We need to respect that people are coming from different places and focus on coming up with an answer that can work for everyone.”
2. Threats haven’t changed, but risks have
COVID-19 is an ongoing risk that every entrepreneur and business is being asked to manage and address. However, the dangerous parts of technology haven’t changed despite the dramatically shifted environment. As companies and employees globally operate through a work-from-home arrangement, it’s more important than ever before to be aware of the types of scams that may pop into inboxes.
“The threats are the same,” says Cory, “but the risk has increased exponentially. We are no longer able to walk down the hall and poke our head in another office to ask about an attachment that seems a little off.”
What phishing scams and hackers have been after for decades remains the same: information and access. Once your credentials have been exposed, the malicious entity has the ability to exploit all information on your system for their own personal gain.
“Clicks in an email, links and attachments — that has not changed for the last three to four years,” says Cory. “We are now much more inclined to more liberally open attachments that hit our inbox or respond to links that we might see.” These everyday threats are more prevalent than what drama or thriller movies sometimes depict, a technical hacker illegally accessing encrypted files through a database backdoor. Cory estimates Hollywood-style attacks comprise potentially 5% of the threats made on technology systems.
“Our #1 vulnerability is people,” he says. “We are very human in nature, and in Canada specifically we err on the side of trust, which can be exploited by others.”
To help mitigate this risk, keep personal and professional online activities on separate machines as much as possible, and don’t use personal devices to open or edit work documents and vice versa. Also, as a business owner, consider which employees have access to what information and for what purposes.
“Technology has a role to play and always will,” says Cory. “One short-term focus should be on understanding access requirements. It’s easier to give universal access to people when you don’t know what their needs are.” It’s safer to create access to systems on a person-by-person basis based on the employee’s specific needs for their role. If a person works in finance, they likely don’t need access to back-end HR systems.
The best way to achieve this is to work with the concept of least privilege. Start with the minimum credentials needed and add on further access as it becomes necessary. Do not start with universal access from the top and then try to revoke access to information. Take a deep dive into access management to ensure stability and security.
3. Don’t silo solutions; answers need to come from clients as well
While working towards establishing a new set of patterns and routines, it can be tempting to find the solution that works best for the bottom line and the employees. However, there’s another major player in the mix that cannot be ignored: the client!
“What we think is the right answer is only half of the equation,” says Jeff. “We also have to understand how our clients want to do business with us and come up with an answer that works for everyone."
This can mean a different solution for each kind of business with which your company interacts, and it can also mean that both parties learn through trial and error. The positive is that this type of collaboration can also lead to stronger bonds between your employees and your clients, giving each side confidence that the company has the best interests in mind overall. “It takes two to tango and you need to figure out what makes sense together,” Jeff remarks.
“Many companies are similar,” Jeff wraps up. “Clients, partners and organizations are all part of the work equation, and you can’t think that only you should define the answer."