Every seismic change in society brings with it great risk, and great opportunity. The events of 2020 and the huge shift to remote working are no exception. On the one hand, the sudden move to virtual has pushed many staff—who may not have in-depth understanding of cybersecurity risks—on to insecure networks and home WiFi systems, making their work more vulnerable to hackers. On the other, the move to remote systems could democratise access to information, helping people make better data-driven business decisions.
The challenge for Technology teams is how to prevent one while enabling the other. At Avado, we made the decision even pre-pandemic to create a ‘data warehouse’. That warehouse centralises and stores data from our key systems so we have one, comprehensive record. Of course, anything that holds this amount of data needs to be well-protected, but the warehouse is a fantastic resource that helps us minimise issues around version control and human error. By combining our data warehouse with a self-service business intelligence tool, we have given everyone in our business the tools to understand and study data, and we have made ourselves that much more agile and data driven.
For example, our people team has been using this data warehouse to measure information about absences, staff turnover, engagement, well-being, and so on. This has allowed us to respond to pain-points amongst our people in almost real time, making the whole experience of managing remote teams during a pandemic far easier. As a result of the changes we made, our engagement scores rose from 73% to 78% in 6 months. We’ve also been able to use data to improve the experience for our learners, taking outcomes data from previous cohorts to create predictive analytics to improve learning outcomes.
With so much—often sensitive—data stored in one place, it’s vital that the right protections are there. At Avado, we see this as largely an exercise in educating our people around good cybersecurity protocol: using multifactor authentication on services; not attaching documents to emails, especially if they contain sensitive data - assigning permissions and sharing instead from collaboration systems; and so on. A lot of this about people making small changes, rather than a complete overhaul of behaviour. We’ve found our people have been very receptive, understanding the potential risks that could arise out of working from home.
We’ve also put in place robust processes around permissions – a key principle being that, when data is sensitive (including any personally identifiable information), people have access to the data they need, but not to data they don’t. This has meant building in access rights models into our key systems, and the data warehouse itself. Maintaining these principles while enabling democratised access to data is a narrow and precarious path to tread, but the rewards are worth it.
We also work hard to ensure our people—whatever department they’re in—have the right training to make sense of data, and know a possible cyberattack when they see it. Restrictions and extra admin imposed without a reason being given tend to irritate people, making them more likely to ignore them. However, once people really understand why things are being done, they are much more likely to comply and even innovate themselves to make systems safer.
Giving whole businesses access to data democratises data-driven decision making. In combination with the right skills and a culture that encourages questions from every business level, this allows companies to become far more responsive and agile. Senior team members bring expertise and experience, while more junior staff often come from a different perspective. Those junior employees might even have more willingness to experiment and more experience with day-to-day pressures. As Technology teams, the best gift we can give our businesses, especially in remote environments, is a secure way to facilitate conversations and innovation.