IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

3 Ways to Build a Security-Minded Culture While Working Remote

In a post-COVID environment, maintaining a cohesive culture of teamwork — and cybersecurity — can be a challenge, but there are strategies leaders can use ensure staff stay engaged.

remote work_shutterstock_1695249982
Throughout my career working in federal and state governments around the world, there has been a well-defined, mostly healthy office culture. While a few exceptions come to mind, these environments were generally challenging, productive, engaging, fun, memorable — and pre-COVID-19.

Yes, team meetings could be long. Running between buildings to see clients during Michigan, Maryland and Northern U.K. winters in the snow was hard. Nevertheless, some distinctive examples of culture-building events included summer cookouts, March Madness basketball parties and bosses bringing in bagels, donuts and coffee on cold winter mornings. On the Friday before the Michigan-MSU football game each fall, everyone wore their favorite team colors as we ate burgers and brats and made game predictions.

Christmas parties with white elephant gifts, staff shooting Nerf guns at the management team every time we entered our “Bat Cave” (the security operations center), impromptu team “health walks” during morning breaks and even intramural softball leagues were all part of normal government life.

Beyond planned social events, there were always people who could answer questions over informal lunches or by the coffee pot in the breakroom. Cubicles would spill information over walls, and learning from neighbors was a part of life at the office. Training was offered for teams, and offsites provided opportunities to learn what new tactical and strategic plans really meant on a personal level.

No doubt, security rules evolved dramatically after 9/11, but everyone generally knew what was expected and most people complied with screensaver policies, password refreshes, updated antivirus signatures, security awareness month presentations and more.

Now, I’m not just reminiscing about the past, nor making the case that everyone needs to go back to the office full time. That ship has sailed, and most government organizations are not going back to “the way we were.” But how can we answer essential questions surrounding our work culture of the future?

These culture questions go well beyond security and technology to the heart of career satisfaction and the future of teamwork. And make no mistake, workable security culture answers are vital to securing your enterprise whether your situation is 100 percent remote, two or three days a week in the office, or a hybrid mix of employee locations.

Creating a positive culture of cybersecurity involves solutions with people, processes and technology as government teams all over the world try to maintain cybersecurity resilience with blended workforces. And while the Internet is full of technology tips to help secure remote workers, our new post-pandemic work environment brings new cybersecurity challenges.

So what can be done to maintain a culture of cybersecurity with our new workforce that is often remote?

First, establish a clear security culture baseline. Consider ways to survey your team, not just on cybersecurity topics and what they do each day, but also on their level of connectedness with peers and general job satisfaction. Some possible statements to evaluate include:
  • I feel highly connected to my team and colleagues as we work remotely.
  • I am using my skills, training and abilities to the fullest extent.
  • I understand and align with our organization’s culture and core values.
  • I feel that I am compensated and rewarded appropriately for my work.
  • I am respected and treated fairly by my manager.
  • Cyber protections effectively protect data and reduce risk in our enterprise.
Second, get together — in person, if possible — to build your team’s blueprint for the future.

Look back at popular pre-COVID life to replicate or adapt those actions. Brainstorm ways to improve performance and keep track of your actions from team suggestions. Also, ensure that security controls (both new and old) are applied in a repeatable manner in different enterprise situations, whether at home, traveling or in-office.

Finally, consider establishing a formal mentoring program. There are many benefits to having or being a mentor, and groups like MS-ISAC can help. While the employee-boss relationship is certainly one key to success, measuring positive relationships in a 360-degree way is a great way to maintain open communication with a customer focus. Having a trusted mentor can take your career progression and team productivity to a new level.

As management expert Peter Drucker famously said, “Culture eats strategy for breakfast.” So, what are you doing for lunch?

This story appears in the October/November issue of Government Technology magazine. Click here to view the full digital edition online.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.