Working From Home: The Security Professionals' Perspective
18 May 2020
MUCH HAS been written about the current increase in home working as a result of the COVID-19 pandemic. While remote working simply isn't an option for many companies and their myriad employees, for others business is at least continuing even though it's not a case of 'business as usual'. Here, Mike Hurst examines the impact of home working on the security profession.
The COVID-19 pandemic has witnessed a welcome increase in the levels of respect and recognition afforded to those many professionals operating in the healthcare sector. Indeed, this has been extended to blue light Emergency Services personnel, front line security staff and operatives working across the public sector, all of whom are providing invaluable services. While the cynic inside me fears that, once we eventually return to a normal way of life, some of these attitudes and practices will also return to pre-pandemic ways, the optimist hopes that we may be establishing some new heuristics that are here to stay.
As someone who speaks on a regular basis to security, risk management and business continuity-focused professionals, I'm both pleased and interested to hear that their internal conversations have moved from the “is our business continuity plan up to the job?” to the “how do we transition out of this?” phase. Alongside these vital operational concerns, organisations are looking in fine detail at how they need to adapt their strategies to consider what has happened and look ahead as to how they will take on the challenges presented to first survive and, thereafter, thrive.
Clearly, companies which normally have staff working from central and regional offices will be reviewing their practices to see how working from home has affected business, what new practices have worked well and which they need to keep and what old ones they may need to re-introduce. These reviews will no doubt encompass an assessment of impacts on productivity and effectiveness, the degree of interaction between teams and team members and, hopefully, any potential welfare and psychological issues that working remotely may have caused (or be causing).
Many companies will also be assessing their physical estate to ascertain whether it's all needed or whether having people working remotely means that the enterprise can reduce costs by maintaining smaller offices, using more hot desking and having staff working at the office on a less frequent basis. This could save money. For example, people will be paying less to commute (rail fares continue to rise above inflation, after all), but costs may increase as people need to have more office equipment at home in order to work effectively.
There will also be a requirement for different insurance policies and better levels of physical security. This could also mean less congested public transport, fewer emissions, a better work-life balance for employees and, potentially at least, more efficient and profitable organisations overall.
Best people for the job
There are various issues to consider regarding information security, home networks, VPNs, the use of private e-mail addresses and computers, the sharing of files, encryption and the physical security of those employees who decide to work perhaps in a local business centre. We're not going to address them here, but these issues (and many other similar points) do need to be considered.
It wouldn't be correct to suggest that there are no pitfalls involved with home working. Management will need to adapt to this new climate in the way they interact with, monitor and motivate teams of people who are more used to working as a team in the same location. Will the members of staff miss those so-called water cooler moments, chatting about the game last night and what they did at the weekend?
Going forward, and perhaps more than ever before, all of this will mean that having the very best people working in the business is vital. Historically, when recruiting for a new member of staff, many companies would have prioritised those individuals with directly relevant experience. Of course, this is not an unreasonable approach to take and, indeed, is still important. However, changes in the workplace (and, indeed, the workforce itself) mean that aptitude and transferable skills are becoming the key to ensuring a given teams’ overall effectiveness.
Now, companies (and, through them, recruiters) are being asked to consider key points like attitude, ambition, the diversity of personnel, the diversity of thought, the core values that match the company’s own and individuals' flexibility and adaptability. Willingly or unwillingly, employers are spending more time looking at people management and development, the issue of mentoring, the requirement for growing and developing skills to prevent employees stagnating in their careers, the need to maintain workplace performance, staff retention and the development of intrapreneurial outlooks.
Looking after their people is clearly the right thing to do for all businesses. In essence, a company will succeed if its people succeed.
In a recent blog, the Recruitment and Employment Confederation states: “Over a third of recruitment business leaders who've taken part in our COVID-19 webinars consistently said they are very confident that the economy and their business will bounce back post-COVID-19. This is a steady confidence level we've been observing for the past five weeks.”
Recruitment professionals are working with companies now to meet the challenges of the changing workplace and recruiting in the post-COVID-19 landscape.
Thoughts of security professionals
With all of the aforementioned in mind, earlier this month we conducted a detailed survey at HJA Consult in order to ascertain the views of security professionals who are currently working from home and find out how they've been coping with the situation. The poll was anonymous and, of those who responded, 90% are presently working away from the office.
An interesting, but perhaps not surprising headline point to pick out is that only 20% of respondents feel that they are now working less effectively, with over a quarter suggesting that they're working either better or much better than prior to the pandemic.
When asked if they would like to carry on working from home once the pandemic has passed, only 13% of respondents said they would not. Of those that expressed a preference, over a quarter want to work from home two days per week, while almost 40% have adopted a pragmatic approach, suggesting that it would depend on the demands of their role.
From a security viewpoint, it's reassuring to note that 70% of respondents said that they/their employer had assessed the physical and information security issues involved with working remotely. However, 20% replied that welfare issues had not been considered when looking at working from home, with a similar number feeling unable to raise any well-being issues with their present employer.
When asked: “How advanced are you/your employer in your planning for business after lockdown, albeit given that the situation is very fluid?” over 50% answered that plans had been made, while 40% are at the planning stage right now. It's worth noting this tallies with conversations we've been having with clients and business contacts alike.
On the subject of conducting a full business impact assessment to learn how to react if similar situations should arise in times hence, around 40% replied that they would be doing so, while just under 40% affirmed this very process is already underway. The fact that one-in-five companies are not planning to undertake any kind of review, though, is somewhat troubling.
While this may not be a definitive survey, the responses do offer an interesting insight into the thinking around working from home in the security profession. This is something that's likely to become more common in future, and perhaps morph into a permanent situation (at least for some security and risk-focused roles).
Mike Hurst CPP MSyI FREC is Director of HJA Consult