Protecting Remote Workers

The pandemic-driven acceleration of remote and hybrid work can make protecting employees a complex puzzle. We’ve been working with our clients to solve this puzzle and what we’ve learned over the past few years is that the right solutions start with the right questions.

1. Have you evolved your threat assessment systems to include remote work?
2. Have you merged and consolidated your cyber protection with your physical protection? Do both halves know how to manage physical threats to cyber security?
3. Are you maintaining physical locations? If so, do you have safety plans for lower-occupancy spaces where there are fewer eyes? 
4. Do you have the right access levels for physical locations? Have your Facilities and PhySec teams worked on access for vendors when escorts might be unavailable?
5. Have you looked at your policies and SOPs around notification and mass communications to include remote workers?
6. What are your benchmarks for when to deliver proactive threat messaging to remote workers?
7. Does your workplace violence program include remote workers? Do you have the right guidance for your WPV Threat Assessment Team for domestic/intimate partner violence for remote workers?
8. Are you proactively delivering consistent content for how remote workers can be physically safe at home?
9. Have your crisis management and business continuity teams had tabletop exercises with remote worker scenarios?
10. Have you updated your business continuity and crisis management plans with lessons learned from the pandemic and from remote work?

If you don’t have ready answers to these questions, it’s time to revisit your organizational resilience. 

Step one: Review your policies

We’ll review your current policies around access control, workplace violence, business continuity, and mass communications/notifications to make sure they include remote/hybrid work. 

If your policies need revisions, we’ll help write suggested improvements and work with your governance team on revisions, approval, and publication of updated guidance. 

Step two: Determine your focus areas

Transitioning your resilience strategy can be complicated. We want to help you by tackling the most impactful areas first. Most of our clients want to start with one program area and improve how remote/hybrid workers are handled.

For quite a few of our clients, this has been their Workplace Violence program. We’ll look at how your TAG (Threat Assessment Group) has been functioning and suggest updated language and protocols to help your HR, Legal, and Physical Security partners better address the nuances of a remote workforce. 

For other clients, this has been their mass communications/notification systems. How do you decide who gets alerts for area-wide incidents? Is it the number of employees in an area? The severity of the threat itself? How can you help employees to protect themselves from severe weather or wildfires? We’ll look at your holding statements and severity levels and suggest updates and help write new content if you need it. 

Step three: Build and conduct tabletop exercises

Our principal, Michelle Newcome, has conducted over 100 tabletop exercises; since 2020 many of these have involved scenarios where remote workers have to be taken into consideration.

Using fictionalized scenarios keyed to your operating environment, company culture, and existing protocols is a great way to tease out the nuances of how your leadership and department-level teams handle remote-specific challenges to your operational resilience. 

Step four: Re-write critical documentation

Our team includes technical writers specifically trained to write useful and actionable emergency, crisis, and security content. If we’ve determined from assessments, focus area work, and tabletop exercises that your current guidance documentation is not ready for a remote workforce, we’ll help re-write your content. 

If you need complete plan revisions or an entirely new plan, we can also handle that. Our team can work on plan content in your existing platforms (Fusion, Alert, OnSolve, etc.) or we can provide plans in various document-based formats. 

Step five: Address additional focus areas

Most of our clients begin with a single area in Step 2 and when that area has been successfully updated and fully implemented, they’re ready to tackle another area. 

For many of our clients, after they’ve focused on the safety of their people, a logical next step is to update their Business Impact Analysis (BIA) and Business Continuity Plans (BCP). Remote work creates unique threats to continuity of operations, as well as unique benefits by removing location-based constraints. We’ll make sure your BCP reflects this new world. 

Concerned about cyber protection for remote/hybrid workers? We’ve found most of our clients quickly developed comprehensive programs around cyber protection during the pandemic. But, if this isn’t you or you’d like to make sure your business continuity and IT/DR programs are aligned on remote worker cyber protection, we can work with your inhouse team to build specific tabletop and/or functional exercises focused on your IT/DR and cyber security systems for remote workers. 

Michelle Newcome

Founder

Michelle Newcome is the founder of Risk Resiliency. She excels in designing highly effective and comprehensive resiliency programs for complex facilities.