Written by Natalie Walker, Compliance Standards Manager, IPI
At the start of 2020 no one could have predicted the sweeping change to working practices that was afoot. The advent of the UK’s first lockdown in March 2020 forced many organisations to close their doors overnight, propelling them into a new world of homeworking that most were unprepared for. For some, this was unprecedented change, and organisations had to quickly establish procedures and source the technology to enable employees to work remotely.
For employees too, the move to homeworking marked a departure from the norm. Prior to the outbreak, a massive 68% of British employees had never worked from home. For some, homeworking provided a welcome change, presenting a better work-life balance, free from the daily commute. For others, the reality of working from home was exchanging an open-plan office for a kitchen table and homeschooling – a prospect hardly desirable in the long term.
On the whole, this change to working life has largely been viewed as a positive one, with YouGov finding that once the crisis is over, 57% of employees want to be able to continue working from home.
Preparing for change
With this in mind, organisations have a real opportunity to foster a more flexible workforce that incorporates both office-based and remote workers.
This notion of the hybrid workforce has been spoken about for years, but the pandemic has effectively acted as a catalyst for change, speeding up the process of making it a reality. Indeed, only recently, Nationwide announced plans to enable its 13,000 strong team to “work anywhere” bolstering its flexible working practices. Santander has similar plans too. And they are not alone. This is the future of work, but its success hinges on ensuring that organisations have the right procedures, policies, and tools in place to facilitate the change – and do it well.
Revisit the old, instigate the new
As organisations consider embracing homeworking in the long term, security must be central to their plans. As part of this, existing cloud-based systems, perhaps rolled out in haste to meet the immediate need for homeworking, need to be reviewed to check if they are still fit for purpose. Where necessary, these should be recalibrated to ensure that IT security practices within bricks and mortar offices are mirrored in the remote world.
Beyond the technology implemented, corporate policies regarding security should also be reworked and drafted afresh to reflect new working practices, focusing on the need for employees to practice safe IT from wherever they’re working.
Protecting a new age of home workers
With the human element often the weakest link in a secure infrastructure, companies would be well advised to focus efforts here by promoting secure working practices both inside and outside the four walls of the office. Here are my top tips on how to do this effectively:
- Educate employees on the increased threat landscape
The pandemic has prompted a rise in opportunistic threats such as phishing. Phishing is a socially engineered attack designed to either steal information, introduce malware, or make the victim transfer money or items of monetary value to the sender. This is commonly introduced through email but can also be texts or voice calls. It is often accomplished by the recipient receiving communication impersonating a trustworthy organisation or reputable person. The number of scams throughout lockdown have increased in both frequency and sophistication and as such, organisations are well advised to highlight the risk to employees. Before opening any email from a person outside of the organisation, check that the sender’s name, email address and email domain matches the organisation that the sender claims to be from before opening.To further highlight the danger and reveal any potential human weak spots, organisations can introduce ‘simulated phishing’ in the work place. This sees the organisation create and distribute fake phishing emails to employees to see which employees click through on the links. This enables employers to identify where the weakness in the chain lies and to take steps to educate staff further on the dangers.
- Use dedicated tools to collaborate and share materials
Collaboration amongst teams is essential when operating a hybrid workforce. However, the challenge of sharing information is heightened when most are in different locations. Organisations here can encourage the use of dedicated channels, such as Teams or Slack, to communicate securely with external contacts. When setting these up they should be clearly labelled external and contain a Manager as a member (or owner, if appropriate) as best practice procedure. This will force employees to limit the sensitive information shared.In addition, when sharing data externally, consider using dedicated sharing software that handles the distribution of materials via a secure portal. This will minimise the risk of sensitive documents being inadvertently shared with the wrong people.
- Reinforce desired secured behaviours through regular training
One of the downsides of working outside the traditional office environment is that employees can let their guards down. They fail to lock their PC, they let family members use their devices, they print sensitive work documents and leave them on the home printer. Every one of these actions creates additional risk for organisations.If employees want to be trusted as remote workers, organisations need to have faith that they are going to maintain security standards even in the home environment. Run regular training sessions for staff as a reminder of the secure behaviours you want to reinforce. This will ensure that secure working is top of mind for employees.
The hybrid workforce – secure and here for the long haul
Aside from the small matter of geography, there should be no difference between the practices of the office-based worker and the remote employee. The same tools and processes employed within the four walls of the office environment should be replicated in a remote working world. At the heart of this, it is absolutely essential to make sure that the IT security of operations is not compromised in the process. However, with some carefully worded corporate policies, a robust training programme, and clever collaboration tools, organisations can ensure that the workforce remains secure wherever it is.