Leadership Strategies and a Checklist for Placing Security Controls on Remote Work

hand on laptop
Chris Sachse Photo

4 minutes

With proper planning and action, credit unions can effectively offer hybrid office options. 

Employers across the country are planning for a “post-COVID” world and, while many companies and employees intend to return to the office, many have adjusted to remote work, requiring companies to develop hybrid workplace options. According to a PwC survey, 83% of employers say the shift to remote work has been successful, and 55% of employees prefer to work remotely at least three days a week.

For financial institutions, remote work was once rarely a consideration, but the COVID-19 pandemic proved that it is possible. And as companies compete in a new war for talent, credit unions must develop strategies for offering remote and hybrid work options. However, a safe remote environment requires appropriate controls and protections.  

  1. Organizational leadership must invest in the resources needed to provide appropriate protection, just as they would for an office or branch. In physical locations, credit unions implement such controls as alarm systems, card access and a security patrol. Leaders need to extend those protections to all employees, as your “business headquarters” expands its footprint to include remote offices. As leaders, you must ask your IT team what is required to protect your remote workforce and provide the resources needed.  
  2. Leaders often think of IT costs as sunk. But in reality, this is an investment that will support organizational growth, high-quality service delivery, resiliency and reputation. A resilient remote workforce can adapt quickly and effectively to disasters, pandemics and other unanticipated challenges. With more employees working remotely, office-related expenses can be reallocated to IT to not only manage risk but also improve your employee and member experience.
  3. The ease by which a credit union can create a remote work environment is much greater when it is a cloud-first organization. There has been a shift towards agile cloud adoption within the credit union industry, especially as executives discover the cost benefits through a reduction in maintenance expenses and a faster time to market for new applications and services for members. Competing in the fintech marketplace requires digital transformation and a full-scale cloud strategy.  

Every organization is unique and requires different technology to ensure remote work, works. But here is a quick checklist:  

  1. Establish a list of anticipated systems, applications and data employees will need to access while working remotely. This can be done by department or role. The goal is to limit the needs of your users to only what they must have access to, and nothing more. Once needs are determined, tools like Microsoft Active Directory can be used to limit the access of the user. Note that this is a best practice regardless of location—even in the office—as it limits the damage a user can create, intentionally or unintentionally.  
  2. Know the devices employees are using. Determine what devices your remote users are using—this can include smartphones, tablets, laptops and home computers. Limit use for work based on role and to only what is necessary. Never let remote employees use home or shared computers. Credit unions should provide devices or have a robust bring your own device policy in place.  
  3. Ensure you have remote control of any devices used for work purposes. Use platforms like mobile device management to protect and manage those devices. Devices should be encrypted and have the appropriate security agents installed, including endpoint protectionweb filtering, firewalls and log monitors. 
  4. Know where the employee is using the device. Identify what kind of location and in what region or country employees are working. It is also helpful to know if the employee is working in a hybrid, full-time remote mode or full-time onsite. Those with cloud access can utilize remote workstations, which protect data by storing the computing in the cloud, so it never actually resides on remote devices. Foreign countries or locations that have no expected users for a particular credit union can be blocked in the firewall and protected against. Employees without cloud access can leverage virtual private networks. Use the VPN device do a remote inspection—to run a security scan—on any computer before granting it access, if the device has such functionality. 
  5. Develop standard training and remote work policies. Train employees frequently—not just once. Use a platform like KnowB4 to help educate employees on what is safe and not safe. Build a strong policy for your remote employees so they clearly understand expectations and requirements, and what they can and cannot do.  
  6. Have a 24x7 secure operations center using a security information and event management platform. Most credit unions already have this in place, as it is a must-have cyber and regulatory requirement. A 24x7 secure operations center will allow you to monitor the behavior of your whole network, including remote users. This will help you identify abnormal behaviors and issues when they occur. 

With proper planning, strategy and training, credit unions can support remote and hybrid workplace options to improve employee retention and maintain member services while mitigating risk and meeting compliance requirements.  

Chris Sachse is CEO of Think|Stack, a managed IT services credit union service organization specializing in cloud and cybersecurity solutions for credit unions and non-profits. An educator at heart, Sachse is passionate about helping leaders and their teams understand how technology can support their goals while delivering seamless, enjoyable technology experiences. He is vice chair of the Maryland Governor’s Workforce Development Board and a member of the board of Cybersecurity Association of Maryland.  

CUES Learning Portal