These days, most organizations are striving for an improved digital employee experience. But what about the cybersecurity element?

Typically, most security execs concentrate on how cybersecurity risks are making their way into the organization (the ‘outside-in’ approach). Even our own security executives at BrainStorm admit that employee experience isn't always top of mind. Data security comes first. 

Truth is, hackers are indeed becoming more sophisticated and persistent, which means it’s harder than ever to keep data secure. But an ‘inside-out’ approach (employee experience) also matters. Here’s why. 

 

The importance of technology experience management 

According to a Forrester report, Best Practices: Technology Experience Management (available to Forrester subscribers or for purchase), an employee's experience with technology plays an important role in employee engagement.

An effective digital experience is also linked to improved business outcomes, lower costs, and improved security.  

As a security executive, you know that progress for progress’ sake isn’t always secure. If you’re in a small business, you’re likely juggling multiple responsibilities, reviewing potential solutions to your most vexing security challenges, and getting buy-in from your entire organization.  

It takes time and patience to build a digitally secure experience for employees. But it’s easier when you are fully aware of the challenges and opportunities in your path. 

 

Top challenges to an optimal digital employee experience

Graphic illustration, 5 challenges to improving digital employee experience: prioritization, organization, technical debt, adoption, and continuous improvement (BrainStorm, Inc., 9-8-21) What are common roadblocks to improving employees' digital experience? And how do you overcome those challenges?  

Forrester surveyed over 1,200 tech leaders who are looking to improve their digital employee experience. Survey responses indicate five overarching concerns:  

 

1. Prioritization 

Challenge: “Where do we start?” It takes planning, research, and data to provide the best tools and improve the employee experience. 
 
Of surveyed organizations, only 34% are collecting feedback, and 20% are applying design-thinking approaches to employee tasks. 

Tip: Start with collaboration technology, information access, and security policies. Be sure to collect feedback throughout the year from multiple sources. And use real-time telemetry to benchmark the experience. 

As part of an initiative to improve information for frontline workers, Southern Company Gas invested in SocialChorus’ FirstUp platform, enabling it to deliver task-critical information to employees wherever they’re located and driving a 45% increase in employee engagement. 

Source: Forrester 

 

2. Organization 

Challenge: “Who owns technology experience?” The employee experience is a shared responsibility, usually without a designated leader.  
 
Only 51% of decision-makers say they have an individual goal and their IT department has a team goal to improve the employee experience. 
 

Tip: To determine ownership, create a dedicated digital employee experience team. Have them think about improvement as a product. Also, determine goals and metrics for IT service staff to help get their buy-in. 

The Federal Reserve Bank built out a technology experience team that focuses on listening to employee needs, redesigning experiences according to employee demand, increasing awareness of new solutions, and driving technology adoption. 

Source: Forrester 

 

3. Technical debt

Challenge: “How do we deal with legacy?” Many organizations have legacy tools, process, and skill sets. Successful organizations will have a plan for dealing with these issues. 
 
At surveyed organizations, 32% are investing in new tech to help employees with their day-to-day job functions.  
 

Tip: Address legacy tech by migrating to the cloud. Also, increase skill development and automate inefficient legacy processes. 

The US Department of Veterans Affairs is investing $96 million over the next five years to automate monotonous tasks, such as scheduling and record maintenance, to help free up time for employees. 

Source: Forrester   

 

4. Adoption

Challenge: “How do we get employees to use the new tech?” Managing change is an ongoing challenge in the modern workplace. Successful organizations develop a change management strategy. 
 
Only 38% of organizations say they’re increasing access to training and skill development. 

Tip: Build a plan to help employees embrace the new technology. Communicate, collaborate, designate champions, and collect consistent feedback after the adoption push. 

As part of an initiative to drive mobile app adoption, one large US manufacturing company built a detailed marketing strategy featuring open houses, video tutorials, and newsletters to spread the word of the usefulness of the new apps. 

Source: Forrester 

 

5. Continuous improvement

Challenge: “How do we continue innovating?” It’s difficult to make room for innovation while catching up with software changes.  
 
Tip: Develop metrics you can track—and involve the entire organization. Finally, rely on native security measures (instead of third-party security apps). 

One IT leader at a large US federal government agency noted that security-agent sprawl contributed to increased device boot-up times of up to 20 minutes. Thankfully, reliance on third-party security agents is decreasing. In 2020, 50% of global security decision-makers said they planned to increase their use of native OS security features over the next 12 months. 

Source: Forrester

Next, consider the cybersecurity implications of employee experience. 

 

Employees don't take a security-first approach to apps 

If data security is your first concern, naturally you’ll make technology decisions around that top goal. But not all employees share these concerns. 

Here’s a classic example. An employee hears about a new app that has helpful features. It looks nice, it’s brand-new, and has just the features they’re looking for. In sum—the employee believes this ‘shiny new toy’ will improve their work experience.  
 
What’s missing here? 

  • Redundant features. Individuals don’t usually consider that existing apps offer the same functionality as a new app. Basically, employee requests like this one offer insight into the user’s knowledge of their software tools. And these insights pave the way for additional training. 
  • Security risks. Most users don’t consider the security implications around a new app. What permissions does the app require? What data could be exposed by this app? Focusing first on security may mean passing up a shiny new app. But users need to understand why. 
  • External apps. Employees often aren’t aware of the risks involved with downloading external apps and software. If an employee downloads a free app to company-owned hardware, they might be putting sensitive data in jeopardy.  

97% of Google Workspace users have authorized at least one third-party app access to their corporate Google account, potentially exploiting data to third parties.

Source: CSO Online

 

Cybersecurity risks from the inside 

Green background, flow chart showing employee faces (how employee choices impact cybersecurity). BrainStorm, Inc. (9-8-21)

No matter how you protect your data, just one false step by an employee could leak sensitive information to bad actors. Just another ongoing challenge for security professionals.  

43% of people have made mistakes at work that compromised cybersecurity. 

Source: Tessian

To help prevent unintentional data breaches, teach your employees safe habits. Consider involving the technology champions at your organization. Champions help encourage employees by example and by answering key questions. 

Most importantly, teach employees how to build secure behaviors. A once-annual security awareness training simply isn’t enough anymore. Top user security behaviors include: 

  • Being suspicious of email attachments 
  • Educating oneself about the latest threats 
  • Hovering over unknown links before clicking 
  • Using the BCC field when sending a message to multiple recipients 
  • Using a company-approved collaboration platform for work-related messages 
  • Blocking and reporting suspicious email senders 
  • Using complex passwords, 2FA, or MFA unique to each account 
  • Avoiding download links in unrequested emails 

Ongoing security training and awareness 

With the autonomy that comes from working remotely, security risks are higher than ever. How will your users know how to keep data safe?  

Good news. With careful planning and training, you can improve the digital employee experience and teach secure habits.   

Naturally, many learning solutions exist. Make sure your solution covers these basics: 

  • Safe data storage and file sharing principles 
  • Staying apprised of new software updates 
  • Ongoing training to improve basic technology skills 
  • Best practices to avoid common hacking ploys 
  • Governance and compliance best practices 
  • Assessments, walk-throughs, videos, and micro-learning modules 

To get your software adoption and security training started on the right foot, download this digital transformation guide.