By Nic Merriman, CTO, Financial Services, Avanade
Banks take security very seriously, for obvious reasons. They pride themselves on their ability to protect against threats, both externally and internally. Without consideration, however, the need to protect can come at a cost to a bank’s customer and employee experience. While many banks have done a great job of balancing their customer experience with their security needs, few have considered the impact this can have on employees.
It’s only recently that banks are starting to wake up to this, driven largely by the urgency to deliver technology-rich services to compete with the rising neo banks and fintechs. The war for talent is on, calling on banks to differentiate themselves with compelling workplace experiences. And yet, it’s evident the approach banks are utilising to maintain security is actually holding their employees back from delivering: limited access to outside emails; restrictions placed on the internet and social media; and insufficient remote access, just to name a few.
Banks are at risk of losing their best and brightest to the challengers. Young, dynamic professionals want flexible and collaborative workplaces. They want to connect with colleagues no matter where they are, and to accomplish things as efficiently and enjoyably as possible. But many banks are struggling to provide an environment like this.
Moving away from the traditional approach
The challenge is that many banks have traditionally viewed security as something separate from workplace experience. The reflex of security departments is to protect at all costs, and given today’s climate of high-impact data leaks, one can hardly blame them. The trouble is, issuing a “blanket ban”, while effective at protecting information, goes against modern ways of working. Surely there’s a middle ground where employees can access information flexibly, but also securely.
Raiffeisen Bank International (RBI) is a good example of a company that has found the middle ground. A corporate and investment bank based in Austria, with 50,000 employees and operations across Central and Eastern Europe, RBI wanted a more innovative and collaborative way of working.
The team wanted to evolve beyond its culture of frequent meetings and sending email attachments. It also wanted to find a more productive way of securing the approvals that were often necessary from a risk management standpoint. However, information security was a non-negotiable, so the solution needed to be just as secure as it was flexible.
A balanced solution
RBI used Microsoft Office 365 as its foundation. Built on a secure cloud connection, it enabled all applications to be fully accessible from anywhere, including on mobile devices. Enhanced collaboration around the globe also removed lengthy review cycles with documents able to be edited at the same time.
An additional advantage for RBI was the security built into the technology’s design. This was essential to ensure that information could be exchanged efficiently, without putting sensitive company information at risk. Instead, the company introduced features to ensure that the employees who should access information could do so with ease, while the people who shouldn’t could not.
Of course, an approach like this requires a complete shift in mindset. Cloud-based working environments help banks offer flexible and collaborative conditions that modern professionals want, but this means letting go of the traditional “perimeter as firewall” perspective. It requires a more nuanced approach to information access based on user profiles, built on an understanding of the different information and tools each employee needs to do their jobs effectively. For example, the risk of opening up social media to all employees might not make sense, but granting access to the marketing team surely does.
Building a culture of security
Another necessary change is better collaboration between security teams and those with expertise in employee experience – namely HR and Communications.
For instance, in the case of RBI, the organisation developed a comprehensive change management programme to help steer employees in the right direction. “Change agents” and “change ambassadors” within the company were used to excite employees about their new working environment. Telephone conferences and drop-ins during regular departmental meetings were organised to inform employees in person and answer any questions. Training sessions and a helpline mailbox were also provided to support the transition to a new way of working and to address any issues quickly.
The change management programme served several purposes. Not only did it help to improve use within the new working environment, it also served to empower employees to take responsibility for security themselves. Rather than a ‘blanket ban’, a more effective approach is to educate employees about information risks and the role they play in maintaining security. Providing them with tools they can use to apply their learnings goes one step further in creating a culture of security, which is the most effective way of preventing data leaks.
A new way forward
If banks want to provide a more engaging working environment, they need to change the way they view security. As important as it may be, security simply can’t be bought at the expense of a compelling employee experience. Banks need to find a smarter, balanced and more flexible approach if they want to attract the market’s brightest talent.