Over the past two years, most organizations have gone from "full steam ahead" on digital transformation to "operation warp speed." CIOs are charged with super-fast-tracking this digital enablement and fostering cultures rooted in speed and agility, but they're increasingly running up against a common limiter: insider risk to valuable data, amplified by decentralized, remote and hybrid workforces using cloud tools to connect, collaborate, get work done — and do it smarter, faster, better, in the face of unprecedented circumstances. Employees are 85% more likely to lose or leak data than they were pre-pandemic, and most experts think the rate of insider risk will continue accelerating over the next two years.
Despite growing insider risk, it's encouraging that most organizations have moved away from the "lock it down" mentality that's far too limiting - and just doesn't work - for this new world of work. CIOs know they need to enable employees. But they can't ignore the realities of insider risk. Trust is the key ingredient here — and some of the most forward-thinking organizations are attacking the challenge of building trust on two fronts:
Trust through transparency
The conventional relationship between security and employees has always been far too adversarial. But being transparent with employees about your data activity monitoring is just as critical to building a culture of trust. Employees need to understand exactly what you're doing to monitor data activity — and they should know that you're doing it to protect their work product. Moreover, they should understand that you care about what the data is doing — not what they are doing. This isn't spying; there's a big difference between monitoring data movement and reading all employee communications. In other words, you don't care what employees are doing if it's not touching valuable or sensitive data.
Trust through training
Plenty of insider risk comes from accident or ignorance. Employees are just trying to get work done and don't realize what they're doing, don't recognize the potential impact/cost of the risk they're taking, and/or don't know there's a better (safer) way. Everyone says that education goes a long way toward solving the insider risk problem. But most education is far too intermittent: usually just during onboarding, at most an annual review of policies. It tends to be the same old training modules — not the kind of stuff that inspires engagement. And it's almost exclusively focused on external risks. Case in point: Phishing training has been remarkably successful in getting employees to "think before they click." But outside of phishing there's little to educate employees on basic things like what applications are approved for use, the rules of use (and particularly file-sharing) for those apps, what data they can share, what data they're entitled to take with them — or even why the organization cares about any of this.
What does better security training look like?
The first step in building trust through training is to proactively answer these questions in order to steer and change employee behavior. This means investing in both long-form, on-site training and short-form, on-demand training modules to regularly instruct and remind users of the best behaviors.
But the biggest opportunity exists right in the moment that an employee does something risky — and that's an opportunity that's almost completely unexploited. Organizations need to take a page from the Marketing 101 handbook and focus on delivering the right message to the right people at the right time. Think simple, bite-sized videos that address very specific user behaviors and situations. Now, imagine being able to deliver this just-in-time training, triggered by your fully transparent data activity monitoring. If an employee shares a sensitive document with public permissions, they get a quick video on how to make private sharing the default — and why public sharing is a big problem for the business. When an employee sends a file over Slack, they get a short how-to article on file-sharing best practices, giving them easy alternatives that are just as quick and much more secure.
Enabling Your Biggest Asset: Your People
Insider risk is rapidly becoming the biggest barrier to digital enablement of the business. Employees (to their credit) aren't letting this stand in the way. They're working around restrictive tools and conventional, adversarial approaches to move work forward quickly and effectively with the latest tools and tech available. It's definitely a people problem — but your people aren't the problem. Their ingenuity in pursuit of greater productivity, collaboration and innovation is your organization's biggest asset. To fully enable your people (and your business), you need to build a foundation of trust. That means shifting your approach to make sure your security technologies, your training policies and your fundamental approach to data security and protection are all working together with (not against) your employees. Creating this kind of transparent, trusting environment is the key to accelerating your digital enablement — and turning agile collaboration from a big risk into your biggest competitive advantage.