I know, we all hate the phrase ‘the new normal’, but I guess it’s here to stay. I think we can say we have embraced it and transitioned into remote working pretty well. It wasn’t too much of a headache, and we managed to requisition every available laptop on the market to keep the business wheels turning. We even managed to sprinkle in some security practices, and ta-da, here we are with a vast population of “secure” remote workers… but are they? What even is a secure remote worker? So let’s take a moment to Google that. Have you done it? Whose search came up with all the tools and software you need to create a “secure” remote workforce? VPNs, desktop apps, remote desktops, endpoint protection… aka ALL THE TECH! Cool, so I buy all the tools and solutions, roll it out across the entire business and put my feet up. Easy! Are tools and solutions all you need to secure a remote worker or have you succeeded in creating a worker with secure technology? Some of the new tech is an alien concept to the average human. You’ve added a bunch of extra stuff to a machine, with no explanation, that adds time to a user’s readiness to work (it’s going to take a hot minute for that VPN to connect), and these tools will often be resented or bypassed for an easier life. Circumstances have dispersed our workforce into potentially insecure environments, but at least they have a secure device. Users are people too Imagine going to your parents or even grandparents house and installing a bunch of stuff on their devices. You tell them they need to use it, without any training, explanation or interpersonal support. Or maybe your explanation is that it’s not safe to use a device without all this stuff. Now imagine the swarms of non-native computer users who are too scared to order their online shopping for fear of their safety. If this was the case, hopefully, you’re human enough to sit with your Nan and say ‘let me help you’. When was the last time a technical team member sat with anyone over a cuppa and said ‘let me help you’? Yeah, ok, we are busy people, but this is our job, this is our business, these are our people who keep us in a job, and keep our businesses running. They aren’t just an end-user. An end-user isn’t a faceless avatar, an icon on your instant messaging system, or a ticket in your queue. Each of us has differing life experiences, interests, information absorption methods, and a blanket approach of ‘the new normal’, technical support or instruction can not succeed. Why is it ok to view our friends and family as people who deserve our support and encouragement, yet the reason we are where we are (in gainful employment), the end-users, don’t receive the same time, understanding, care and attention? End-users are people; you can’t splurge information at them and expect them to understand. Treat them like people, and they’ll often spend a few extra seconds following the new ways of working and accessing the new tools, in secure manners, when properly briefed or instructed. People and Tech We’ve got the worker with secure technology, and we now understand that a user is a person. So now we have a human person using secure technology. That must be a “secure” remote worker now, right? Wrong! Just like tech, there are so many specs of a person, there are optimum working conditions for people, and just like tech, people sometimes need a bit of support. To secure a remote workforce, you must understand who they are, their role, the world they exist in, and provide them with secure tech, with support to understand the new world they live in. Let’s consider for a moment human motivators; the driving force behind every human action. Would you know your team’s motivators and if they’ve changed during the pandemic? What risk do these motivators pose to the business? Now consider motivators, along with access controls, still confident you have a secure remote workforce? Or are your customer service agents living in shared accommodation and haven’t been reminded since their annual infosec e-learning to lock their screen when they go to the bathroom? Is the payment card handlers process to repeat credit card information back to the customer, within earshot of those not authorised to access this data? To secure a remote workforce takes much more than secure tech; it requires a risk assessment. Consider living conditions, access controls, motivators, data processing and general wellbeing to provide you with the knowledge on creating a Secure Remote Worker, and the secure tech adds to a workers secureness. After all, would you give someone a parachute, without instruction on how to secure and use it? Note: if you do spend the time truly helping and supporting your people in an individualised way, here’s a BIG virtual hug for you! Look out for part 2; People Security Decision Trees.