By: Christopher Budd
How businesses can plan for better business operations and improve security and privacy, post-pandemic
As more of the world looks toward a post-pandemic life, it’s important for small and medium business leaders to think about what they want their businesses to look like and how they operate moving forward.
This isn’t just an abstract question. In the United States, businesses are beginning the process of moving into a post-pandemic world and employers are finding two things. First: that it’s difficult for many to attract and keep employees, resulting in a labor shortage in some areas. Second: that employees and potential employees are making it very clear how important remote work is as an option. A recent article in Bloomberg noted that a May 2021 survey of 1,000 U.S. adults showed that 39% of them would consider quitting if their employers weren’t flexible about remote work. That number jumps to 49% when focused on younger generations.
As we approach the “new, new normal” there’s a unique opportunity for business owners and leaders to consciously shape the nature of work moving forward. And, in many cases, it’s essential for attracting and retaining the best talent.
What is the new, new normal?
During the pandemic, we heard a lot of talk about the “new normal.” For businesses, this specifically referred to the rush to adopt remote work in order to adapt to pandemic-imposed lockdowns.
That move forced adoption of new approaches and technologies, including remote work tools like Zoom, Slack, and Teams. Because everything changed quickly and without planning, most businesses didn’t account for security and privacy. They didn’t have time to.
This “new normal” was in contrast to “the old normal”: life before the pandemic. If the “new normal” was characterized by a lot of changes forced by necessity, the “old normal” was characterized by inertia and tradition; a lot of because “we’ve always done it that way.” This applied not only to face-to-face meetings but to the technology we used and the way we used it. A lot of the “old normal” for businesses was focused on-site with people, systems, applications, and customers on premises.
The “new, new normal” is what comes next. It is a classic synthesis of “the old normal” and the “new normal.” But one thing that makes the “new, new normal” different from either of these is that we can shape it consciously, free from the unthinking inertia and tradition of the “old normal” and the haste and necessity of the “new normal.”
Beyond the obvious business benefits from making thoughtful, conscious decisions about the nature of work in the “new, new normal,” there is another benefit: This is an opportunity to make security and privacy considerations central for your business’ policies and operations. And as we’ll discuss below, this can improve not just your business but its security and privacy — which in turn also helps your business.
We also see how important maintaining remote work is for many employees and thus for many businesses. Many businesses will need to formally and permanently adopt remote work policies to attract and retain the best talent. That means now is the time to build those policies with security and privacy in mind.
Conscious planning means integrated, and better, security
Security leaders and teams often have to figure out how to make security and privacy work with operations and policies that have already been decided. We sometimes refer to this as “bolt on” security and privacy, meaning they are attached (“bolted on,”) to something that’s already complete. “Bolt on” security and privacy is never as good as integrated security and privacy. Integrated security and privacy is always better, more effective, cheaper, and more successful than when it’s “bolted on.”
If you’ve ever built a house or done a remodel, you probably understand this well: Things are always better, cheaper, and more effective when they’re part of the original planning rather than added after the fact. The same is true for security and privacy for businesses.
Give security and privacy a seat at the planning table
The way to integrate security and privacy into your planning and discussions around the new, new normal is actually simple and straightforward: You ensure that both security and privacy have a seat at the planning table, literally and metaphorically.
It’s important to note that this is something any and all businesses, regardless of size, can and should do. If you’re a small business that doesn’t have a dedicated security or privacy team, you can bring in outside security and privacy expertise, like managed security solution providers. Or, at the very least, you can make sure there’s always a security and privacy component to your planning.
For example, let’s say that as part of your planning for the new, new normal you want to enable your billing department staff to work from home some or all of the time. One of the questions you’ll have to answer is how those employees will be able to access your billing system. You decide that the best way to accomplish that is to move from a billing system that’s currently on your employees’ computers in the office to a cloud-based system.
As part of the plan to move to the new cloud-based system, you look into what options there are to ensure that your employees’ access to the billing system is as secure as possible. As you work through the issue, you decide that you’ll make it your company’s policy that you’ll issue work laptops for those remote workers and this will include security software with antivirus and remote access capabilities that you provide.
You also decide to implement multifactor authentication to access the new cloud-based billing system. Finally, as part of your evaluation of cloud-based billing system providers, you make a point to check and ensure that the solution you choose can help you comply with the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR) because you have customers in California and in Europe and realize that this solution can also make compliance with those regulations easier than doing it yourself.
In the end, you have made a decision on how you want your business to operate in the post-pandemic world. And as part of the process of evaluating and implementing that, you’ve made security and privacy concerns equal priority to other business concerns. And you end up with a cloud-based solution that is more cost-effective, has better overall security, provides better support for privacy regulation compliance, and, most of all, supports your new business requirements.
Planning for a better post-pandemic future
As we prepare for the post-pandemic future, there’s a lot of reason for optimism. One reason is that this situation gives everyone an opportunity to make large-scale revelations. For businesses, this means an opportunity to make conscious decisions about how you want your business to work moving forward. This in turn opens up an opportunity to improve your business, security, and privacy by consciously making them part of your process as you design the future of work for your company. In many ways, this is probably a once in a lifetime opportunity. It’s best to take fullest advantage of it.