11 August 2021

Remote Working and (In)Security

Georgia Crossland

Summary
Remote working during the COVID-19 pandemic has had, and continues to have, a great impact on the workforce. Through interviews with senior cyber security professionals, this research explored how the traditional dynamics between employees and leadership have adapted in such times, responding to a rapidly evolving cyber threat landscape, as well as an unpredictable period for organisations and employees in terms of wellbeing and remote working culture. Focusing on the transition to remote working, cyber security, the psychological contract (relationship between employees and employers) and employee wellbeing, the research highlighted several key themes:

Organisations have taken different approaches to security risk management. While some employers relaxed corporate device policy and displayed increased trust in employees to 'get the job done', other employers increased restrictions, occasionally to the perceived detriment of productivity and collaboration. 

Remote working has increased worry associated with insider threats. Through shadow IT practices, inadequate remote working security controls or mitigations, and decreased visibility of remote working environments, participants suggested that there are more opportunities for employees to, deliberately or unwittingly, to expose organisations to risk.

Flexible working and virtual team socials were the most common organisational support mechanisms. Additional support mechanisms included informal carer days, financial allowances for equipment, and mental health support resources.

There is no 'one-size-fits-all' to employee wellbeing through remote working.

Organisational leadership shapes employee experiences. Positive security culture and organisational handling of employee wellbeing were reported where respondents felt leadership clearly articulated and justified a consistent approach to remote working.

As a result of this research, several recommendations can be drawn which may be of use to government policy-makers and organisations:

Executive leadership colleagues should strive for clear and consistent top-level communication across all areas including security best practices and wellbeing and employee support

Executive leadership colleagues should understand employee needs when determining policy, considering employee wellbeing alongside organisational objective.

Executive leadership should take the impact of remote working into consideration when looking at employee retention, and record any potential implications for the psychological contract, especially when remotely on-boarding new colleagues.

Security leadership colleagues should understand employee needs when setting specific policy/ processes for cyber security awareness.

Security leadership colleagues should ensure employees at all levels understand the purpose of cyber security controls and the justification for using them, leveraging executive leadership support where this is required.

Executive and leadership colleagues should note that employees have experienced the pandemic and remote working pressures in different ways. These needs should be taken into consideration when planning future hybrid or "return to office environment' patterns.

No comments: