A paradigm shift is occurring in business. The idea of a corporate culture being defined by its policies and cubicles is being swapped out for more organic and open models that are shaped by a business’ employees — not its rulebook.
At Soteria, we have adopted this new business culture wave — and have the Nerf guns, beer fridge, and modular Ikea furniture to prove it. We often speak with growing and well-established firms that share in our love of “open” company culture. However, when it comes to protecting company data, many firms view implementing security as a culture killer. How can a business’ culture encourage collaboration, yet promote segmentation at the same time? How can you establish trust in your firm if your employees feel Big Brother is watching?
Good news! Security and business culture can co-exist. We have outlined three common “security vs. culture” challenges businesses face and provide insight into how security can be a culture fit rather than a culture clash. For each section, we present ways that security may conflict with business culture. We then follow-up with our recommendations on how to make security a culture fit within your firm.
1. Endpoint Protection:
Business Culture Clash: Many traditional endpoint protection products, such as antivirus, block employees from visiting certain sites deemed as security risks. Annoying pop-ups warn employees of the impending danger that lies ahead if they visit a certain site. Not only are these pop-ups annoying, employees may feel their good judgement is not trusted when searching the web.
Business Culture Fit: Endpoint protection solutions that monitor discreetly in the background for suspicious behavior exist and are excellent solutions for companies that want to maintain an open culture. These solutions act like traditional antivirus in that they can detect the presence of security threats and do so without blocking websites or deploying senseless alerts. The discrete nature of these monitoring solutions enables your business to protect itself from cyber threats without prohibiting your employees from doing their jobs — or sneaking a peek at their Facebook during work. Check out Soteria’s Artemis™ platform, an endpoint protection solutiondesigned to meet the security and cultural needs of modern businesses.
2. Personal Mobile Device Use:
Business Culture Clash: Preventing employees from being able to use their personal mobile devices, such as cell phones and laptops, for business is often viewed as a hindrance to productivity. Additionally, employees often have a certain comfort level with using their personal devices for work, and removing that sense of familiarity is a direct culture clash. Many young firms are also not in a position to be able to afford phones and laptops for their employees. Whatever the reason, we understand how preventing employees from using personal devices could clash with your business.
Business Culture Fit: Give your employees an option to use their personal devices for work, but require your employees to install a Mobile Device Management (MDM) app. These apps provide a simple and non-invasive way to ensure your company information is password-protected on your employees’ personal devices. MDM apps also enable you to remotely wipe an electronic device, such as a phone or laptop, if the device is lost or stolen.
3. Document Sharing:
Business Culture Clash: Preventing your firm from using cloud sharing platforms to complete their work limits transparency and hinders your employees’ ability to share information within and across teams — both placing limits on company productivity and unity. Limiting your employees access to information is a good way to secure your company’s data, but it shouldn’t come at the cost of hindering productivity and blocking transparency.
Business Culture Fit: Go ahead! Use your favorite cloud sharing platform across your company. But make sure you get in the habit of setting up folders and sharing them with the employees that need the information to do their job. Is there a good reason why your product development team has access to your company’s financial statements? Unless you can make a strong justification for why an employee needs access to certain company documents to be effective in their job, you should set limitations on who has access to the information. (Remember: Always ensure your business accounts are set up with secure passwords and have two-factor authentication enabled when possible.)