Report - Research Institute for Sociotechnical Cyber Security
Remote Working and (In)Security
The Impact of Pandemic-Driven Remote Working on Employee Wellbeing, the Psychological Contract and Cyber Security
Summary
Remote working during the COVID-19 pandemic has had, and continues to have, a great impact on the workforce. Through interviews with senior cyber security professionals, this research explored how the traditional dynamics between employees and leadership have adapted in such times, responding to a rapidly evolving cyber threat landscape, as well as an unpredictable period for organisations and employees in terms of wellbeing and remote working culture. Focusing on the transition to remote working, cyber security, the psychological contract (relationship between employees and employers) and employee wellbeing, the research highlighted several key themes:
Organisations have taken different approaches to security risk management. While some employers relaxed corporate device policy and displayed increased trust in employees to 'get the job done', other employers increased restrictions, occasionally to the perceived detriment of productivity and collaboration. •
- Remote working has increased worry associated with insider threats. Through shadow IT practices, inadequate remote working security controls or mitigations, and decreased visibility of remote working environments, participants suggested that there are more opportunities for employees to, deliberately or unwittingly, to expose organisations to risk.
- Flexible working and virtual team socials were the most common organisational support mechanisms. Additional support mechanisms included informal carer days, financial allowances for equipment, and mental health support resources.
- There is no 'one-size-fits-all' to employee wellbeing through remote working.
- Organisational leadership shapes employee experiences. Positive security culture and organisational handling of employee wellbeing were reported where respondents felt leadership clearly articulated and justified a consistent approach to remote working.
- As a result of this research, several recommendations can be drawn which may be of use to government policy-makers and organisations:
- Executive leadership colleagues should strive for clear and consistent top-level communication across all areas including security best practices and wellbeing and employee support
- Executive leadership colleagues should understand employee needs when determining policy, considering employee wellbeing alongside organisational objective.
- Executive leadership should take the impact of remote working into consideration when looking at employee retention, and record any potential implications for the psychological contract, especially when remotely on-boarding new colleagues.
- Security leadership colleagues should understand employee needs when setting specific policy/ processes for cyber security awareness.
- Security leadership colleagues should ensure employees at all levels understand the purpose of cyber security controls and the justification for using them, leveraging executive leadership support where this is required.
- Executive and leadership colleagues should note that employees have experienced the pandemic and remote working pressures in different ways. These needs should be taken into consideration when planning future hybrid or "return to office environment' patterns.
Want to Read More?
The full text of this publication is available via Research Institute for Sociotechnical Cyber Security.
For more information on this publication:
Please contact
Cyber Project
For Academic Citation:
Crossland, Georgia and Amy Ertan. Remote Working and (In)Security. Research Institute for Sociotechnical Cyber Security, June 2021.
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions
- Harvard Law Today
Is the U.S. in a Cyber War?
Analysis & Opinions
- TechStream
Hacked Drones and Busted Logistics are the Cyber Future of Warfare
Analysis & Opinions
- Foreign Policy
Cybersecurity Ignorance Is Dangerous
In the Spotlight
Most Viewed
Belfer Center for Science and International Affairs, Harvard Kennedy School
- Belfer Center Fellow Peter Ajak Navigates Challenges from Lost Boy to South Sudanese Activist
Paper
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Attacking Artificial Intelligence: AI’s Security Vulnerability and What Policymakers Can Do About It
Belfer Center for Science and International Affairs, Harvard Kennedy School
- Belfer Center Spring 2023 Newsletter
Summary
Remote working during the COVID-19 pandemic has had, and continues to have, a great impact on the workforce. Through interviews with senior cyber security professionals, this research explored how the traditional dynamics between employees and leadership have adapted in such times, responding to a rapidly evolving cyber threat landscape, as well as an unpredictable period for organisations and employees in terms of wellbeing and remote working culture. Focusing on the transition to remote working, cyber security, the psychological contract (relationship between employees and employers) and employee wellbeing, the research highlighted several key themes:
Organisations have taken different approaches to security risk management. While some employers relaxed corporate device policy and displayed increased trust in employees to 'get the job done', other employers increased restrictions, occasionally to the perceived detriment of productivity and collaboration. •
- Remote working has increased worry associated with insider threats. Through shadow IT practices, inadequate remote working security controls or mitigations, and decreased visibility of remote working environments, participants suggested that there are more opportunities for employees to, deliberately or unwittingly, to expose organisations to risk.
- Flexible working and virtual team socials were the most common organisational support mechanisms. Additional support mechanisms included informal carer days, financial allowances for equipment, and mental health support resources.
- There is no 'one-size-fits-all' to employee wellbeing through remote working.
- Organisational leadership shapes employee experiences. Positive security culture and organisational handling of employee wellbeing were reported where respondents felt leadership clearly articulated and justified a consistent approach to remote working.
- As a result of this research, several recommendations can be drawn which may be of use to government policy-makers and organisations:
- Executive leadership colleagues should strive for clear and consistent top-level communication across all areas including security best practices and wellbeing and employee support
- Executive leadership colleagues should understand employee needs when determining policy, considering employee wellbeing alongside organisational objective.
- Executive leadership should take the impact of remote working into consideration when looking at employee retention, and record any potential implications for the psychological contract, especially when remotely on-boarding new colleagues.
- Security leadership colleagues should understand employee needs when setting specific policy/ processes for cyber security awareness.
- Security leadership colleagues should ensure employees at all levels understand the purpose of cyber security controls and the justification for using them, leveraging executive leadership support where this is required.
- Executive and leadership colleagues should note that employees have experienced the pandemic and remote working pressures in different ways. These needs should be taken into consideration when planning future hybrid or "return to office environment' patterns.
Want to Read More?
The full text of this publication is available via Research Institute for Sociotechnical Cyber Security.Crossland, Georgia and Amy Ertan. Remote Working and (In)Security. Research Institute for Sociotechnical Cyber Security, June 2021.
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions - Harvard Law Today
Is the U.S. in a Cyber War?
Analysis & Opinions - TechStream
Hacked Drones and Busted Logistics are the Cyber Future of Warfare
Analysis & Opinions - Foreign Policy
Cybersecurity Ignorance Is Dangerous
In the Spotlight
Most Viewed
Belfer Center for Science and International Affairs, Harvard Kennedy School
-Belfer Center Fellow Peter Ajak Navigates Challenges from Lost Boy to South Sudanese Activist
Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School
Attacking Artificial Intelligence: AI’s Security Vulnerability and What Policymakers Can Do About It
Belfer Center for Science and International Affairs, Harvard Kennedy School
-Belfer Center Spring 2023 Newsletter