Squaring the Circle: How to Keep Remote Workers Engaged & Secure

University CU’s CEO shares lessons and best practices from leading a team that has been remote-first for four years.

Credit/AdobeStock

Pre-COVID, a partial or fully remote workforce was not a common occurrence for many employers. Then 2020 and the pandemic caused a major disruption in the workforce landscape. Most employers were not adequately prepared or equipped to go fully remote.

Our organization had discussed and planned for remote work, but the disruption brought on during COVID forced us to accelerate our plans. As we prepared to launch remote working as quickly as possible, it raised the question, how do you keep employees engaged and data secure while continuing to meet the needs of the business?

There are a lot of lessons I have learned as the CEO of a credit union that has been remote-first for the last four years. Our strategic decision to remain remote was based on several factors. First, our headquarters are in an area of Los Angeles that requires long commutes by most of our team. We serve members across the country, and we are not limited to one geographical location. And finally, by being remote we have gained access to a larger labor market and hired exceptional talent.

Over the past several years, we have figured out how to square this circle, ensuring that employees have access to the data they need, while also protecting against data security risks. We now have employees in 17 states who work as seamlessly as if we were all still under the same roof. Data security, ease of access and engagement are all necessary components for a successful remote workforce.

The Unique Security Challenges of Remote Work

Keeping data secure while also making it accessible to employees who need it is a challenge in any environment, not just ones involving remote workers. However, the scale of this issue increases dramatically when employees work in a hybrid or remote environment.

A remote environment requires more self-service options. Employees need technology that gives them access to the information they require, when they require it. Tolerance levels for lagging or glitchy technology are minimal and the demand for instant access is expected.

At the same time, remote workers increase data security risks. They bring data outside the walls of the organization, both physically and technologically. Data security becomes even more imperative when thinking about all the sensitive information a breach of a financial services provider could expose. I have spent many sleepless nights thinking about how to secure our data. Corporate firewalls can only protect so much in this new environment.

Also, gone are the days of locking an office door to physically secure a device. Remote employees rely on physical devices that can exist anywhere. Device loss and theft are a much higher risk with a remote workforce.

On top of these issues, remote employees can work from literally anywhere, which means assumptions can’t be made about the security of the networks they connect from. It’s not just employees’ own home networks that could expose data to bad actors. It’s also the networks of friends’ houses, coffee shops, airports or any other location from which employees choose to connect.

Balancing Data Access With Security for Remote Workforces

At our credit union, our strategy for keeping remote workers productive while also managing security risks includes all of the obvious steps. We invest in training and education about cybersecurity. We conduct phishing tests. We monitor the devices and networks that remote employees use. And we use AI chatbots to help employees navigate internal information systems, making it easier for them to find the information they need no matter where they are located.

But the real linchpin of our strategy is what’s called Desktop-as-a-Service, or DaaS. DaaS provides employees with access to virtual desktop environments that are hosted in cloud data centers. We provision those environments (which are powered by a service called Vega Cloud Secure WorkRemote, and we implemented at the suggestion of our cybersecurity consultants Stickley on Security) with the applications and data our employees need to do their jobs, then allow employees to connect to them from devices of their choice.

What this means is that employees have access to an always-on workstation environment that they can use from anywhere, simplifying their access to data. At the same time, because the apps and data they use are hosted on secure cloud servers, sensitive information never leaves the data center. Incidents like lost or stolen devices are non-issues because they don’t place our data at risk.

Since implementing this solution, our employee satisfaction scores based on internal surveys have surged. They’re now nearly 50% higher than they were when we required everyone to be in the office. And we continue to maintain an excellent cybersecurity scorecard, which I like to take as proof that we have squared the circle – we’re giving our employees the data access they need to be productive and engaged, while also keeping our data as safe as possible.

Pairing Security Technology With Security Culture

As the folks at Stickley on Security put it on their home page, “Employees are going to work from home. A VPN is not going to make them secure.”

What will keep them secure is combining the right technology with the right security-centric culture (which we establish through training, phishing tests and the like). When you address both sides of this equation, you get remote workers who become one of the greatest assets in your cybersecurity strategy, rather than one of the biggest risks.

David Tuyo

David Tuyo is President/CEO of the $1.1 billion, Los Angeles-based University Credit Union.