[co-authors: Michael Gips, A.J. Cook]
Leaders are forged in times of crisis. So, it’s not surprising that a rare confluence of events that includes the current pandemic and recent social unrest has given organizations’ Chief Security Officers (CSOs) and security executives an opportunity to exercise even greater leadership and mission-critical influence during these historically trying times.
The economic fallout of the global pandemic, as well as the seismic rifts widening in our civil and political discourse, highlights the increasing importance of the security department. This period of heightened tension calls upon security professionals’ skills to deescalate tensions and exhibit empathy but also to protect staff, supply chains, and information.
The new Corporate Security Officer
CSOs have come a long way since that term was coined almost 20 years ago. That role emerged from a trend toward professionalizing traditional security duties Facilities isn’t qualified to design CCTV applications and deploy guard patrols, and HR should not have to manage workplace violence and conduct employee off-boarding alone.
In this new environment, the CSO can be a direct advisor to corporate executives or senior government officials. Security leaders, often bringing experience in national security, law enforcement, and the military, have been thrust into the center of all-hazards corporate risk management, business resilience and continuity, and crisis and emergency response plans.
Given today’s environment, businesses are facing an existential threat, and security is top of mind.
Even as the crush of navigating remote work transitions, force reductions, travel disruptions, and resource constraints begins to subside for security departments, the corporate world is turning its attention to reopening and stabilizing the workplace. Along with Facilities and HR, security is right in the mix.
New pressures for workforce security
The COVID-19 pandemic and other burning societal issues will thrust CSOs and their teams more into the forefront of their corporate workplace, expanding their mandate and increasing the challenges they face. Some of these challenges include:
- rapid hiring and rushed on-boarding;
- terminations that result in potentially aggrieved ex-employees;
- dynamic insider threat issues;
- increases in contractors, contingent labor & gig workers;
- a more complex and diffuse footprint as remote work becomes the norm;
- pressure to modernize risk management without adding headcount; and
- increased focus on civil liberties, fair hiring, employment practices, and discrimination.
Without a reliable workplace risk monitoring solution, your organization could end up as the latest news headline or viral video clip after unwittingly hiring neo-Nazis, members of al-Qaeda, workplace shooters, or other bad actors.
Keeping up with evolving workforce risk
The rapid transition to work-from-home has accelerated digital transformation — which frequently involves the adoption of cloud-based tools and allows vital work and information to leave the company’s network — and created a platform for corporations’ chief information officers and chief information security officers. As a result, companies have invested urgently in securing the ‘digital’ side of workforce risk. Everything about the way employees access and work with company data is being secured aggressively with improved authentication, VPN requirements, cybersecurity awareness training, and endpoint protection that attempt to make an employees’ home offices as secure as their desks at headquarters.
But what about the actual employees? The human risk is more nuanced and pronounced in this increasingly complex and distributed workforce. In our current landscape, the CSOs’ playbook needs to be rewritten entirely.
McKinsey & Co. recently identified one of the top priorities going forward as the need to protect and support employees using data and technology to create improved protection and engagement in the new decentralized work environment.
Today, Chief Security Officers need a new strategy that will:
- keep pace with the cybersecurity investments being made to secure employee work from home’
- realign physical security strategy to reflect changes in the company’s business strategy;
- help the company engage and protect its people;
- meet these new challenges while covering traditional security missions such as investigating misconduct and ensuring compliance;
- incorporate empathy, other soft skills, and de-escalation practices; and
- demonstrate the security team’s business value to the organization.
And remember, this new approach will likely be deployed with reduced security staff.
Building the modern risk management playbook
As new hires, new contractors, and newly remote employees create a workforce that is more difficult to wrangle, investigative solutions can provide a fully automated and tailored approach to identifying risk as it occurs. However, by using new software and innovative techniques, CSOs and other risk leaders can:
- automatically identify new insider, security, and compliance risks;
- broadly research and investigate potential risks; and
- integrate retrieval of public records to substantiate investigations and increase compliance.
*This blog post was written by Michael Gips, JD, CPP, CSyP, CAE, and principal of Global Insights in Professional Security; and A.J. Cook, who is responsible for sales and go-to-market strategy at Endera.