In the wake of COVID, remote work has become a key retention strategy for many employers, with employees increasingly expecting flexibility. This is especially crucial for attracting and retaining top cybersecurity talent, where the federal government, already struggling with competition from the private sector, must offer remote work options to fill critical cyber roles. Fortunately, technological advances and federal cyber workforce initiatives, combined with practical tools described below, are allowing federal agencies to set the standard for a secure and flexible workplace.
The government might grapple with managing hybrid workforces and default to on-premises work only, particularly for cleared employees interacting with classified information. How do government agencies ensure that classified work is accomplished, while also giving employees the latitude to perform certain tasks in a hybrid work environment? Given the substantial investment—the time and energy of obtaining top level security clearances, acquiring training and upskilling—agencies need to retain these vital employees over the long haul. Here are a few ideas to help employees operate in this highly controlled environment.
Trust is at the core of any successful hybrid or remote work arrangement. Managers and employees must establish a mutual understanding of how the telework agreement enables the employee to effectively carry out mission-critical activities. To foster this trust, managers and employees can cover several key aspects of remote work regarding classified work:
Task stacking is a productivity strategy that involves grouping together tasks that can be performed in the same environment or require similar resources, allowing employees to optimize their time and effort. By strategically bundling administrative tasks that can be completed remotely and identifying mission-critical tasks that require a secure environment, organizations can promote a flexible work arrangement that enhances efficiency without compromising security.
Managers can help employees identify and understand which tasks must be performed in a highly secure environment, and which ones don’t. Many administrative tasks, such as status reporting, scheduling appointments, planning meetings, and responding to emails, do not necessarily require a highly secure environment. Even activities such as annual training and team-building exercises can be conducted remotely without negatively impacting their effectiveness.
Some agencies have implemented innovative approaches to remote work, such as allowing employees to develop unclassified code remotely. Once the employees return to the office, they can then push the code into a classified environment, ensuring the security of sensitive information while still leveraging the benefits of remote work.
To provide greater workforce flexibility and accommodate diverse employee needs, some agencies are exploring alternative work schedules and job-sharing arrangements. Managers can actively support and facilitate these discussions, providing guidance and resources as needed to help teams develop effective strategies for distributing workloads.
Organizations may allow employees to work a compressed schedule, such as four 10-hour days, with the option to work remotely one day per week. This approach can help employees better balance their work and personal responsibilities while still ensuring that critical classified tasks are completed efficiently.
Another avenue to consider is encouraging employees to collaborate with their colleagues in exploring ways to share work assignments. By fostering open communication and teamwork, employees can identify opportunities to divide tasks based on individual strengths, availability, and preferences. This not only promotes a more flexible work environment but also enhances cross-training and knowledge sharing among team members.
Agencies managing sensitive data must provide secure hardware and software to monitor and audit access. This involves implementing robust logging and monitoring systems that track employee access to confidential information and promptly detect any suspicious activity. These systems should be designed to alert IT security teams of potential breaches or unauthorized access attempts, allowing for swift action to mitigate risks.
In addition to monitoring, organizations should deploy remote wipe capabilities within their network infrastructure. This feature enables IT administrators to remotely erase data from lost or stolen devices, preventing sensitive information from falling into the wrong hands. Regular security updates and patch management are also crucial to maintaining the integrity of the organization’s software and systems.
Faced with a federal mandate to adopt zero-trust security by September 2024, agencies are rapidly implementing zero-trust architecture. This approach operates on the principle of “never trust, always verify,” requiring strict identity verification for every user and device attempting to access resources, regardless of whether they are inside or outside the organization’s network perimeter.
This architecture is tailor-made for remote work, verifying every user and device trying to access resources, regardless of location. Its granular access control can also limit access to specific locations, ensuring employees working remotely are not connected to classified data, even if they meet multi-factor authentication and device security conditions.
Not surprisingly, the move to zero-trust has further increased the government’s demand for cybersecurity talent, demand underscored by the Biden-Harris administration’s creation of the National Cyber Workforce and Education Strategy (NCWES). While NCWES seeks to develop cyber expertise nationally, a key tenet of the initiative is strengthening the federal cyber workforce.
To reduce barriers to hiring this sorely needed talent, government agencies can offer workplace flexibility, even in classified environments, by applying practical solutions, like those outlined here. These best practices enable employees who work in secure environments to work from home successfully and securely, while allowing the government to attract and retain key talent in a very competitive world.
About the Authors