A good work/life balance has become more important to people than ever before. Since the pandemic, employees have realised the benefits of having more spare time and keeping their work and personal life separate. As a result, they are demanding more flexible approaches to work. In this month’s editor’s question, six experts outline how their company is addressing the need for more flexible approaches, starting below with Jon Fielding, Managing Director, EMEA Apricorn:
Many companies are still struggling with security despite organisations and employees now having settled into hybrid working scenarios, and the threats posed by ‘insiders’ continue to put businesses at risk. According to a recent survey by Apricorn, of the IT security decision-makers surveyed, 22% said employees unintentionally putting data at risk had been the main cause of a data breach at their organisation, with staff being caught out by phishing emails close behind at 21%. Remote workers specifically had been the catalyst at 26% of organisations. Worryingly, 20% said employees with malicious intent had been behind a breach at their company, and 48% of respondents admitted that their company’s mobile or remote workers have knowingly exposed data to a breach over the last year, while 46% stated that their remote workers ‘don’t care’ about security.
Despite awareness of the ‘insider threat’, companies are not applying the policy and technology measures necessary to prevent data being compromised. Of those that allow employees to use their own IT equipment remotely, only 14% manage the risk by controlling access to systems and data using software. Nearly a quarter (24%) require employees to receive approval to use their own devices, but do not apply any controls, while 17% don’t require approval or apply any controls and 15% only allow corporate IT provisioned devices to be used but have no way of enforcing this.
This trend was echoed when the respondents were asked about the main problems they faced with implementing a cybersecurity plan for remote and mobile working. The biggest issue – which 28% are struggling with – is lack of awareness among employees of the risks to data when working away from the office.
Below are some key considerations for businesses looking to address employee flexibility and security:
1) Locking down endpoints
By protecting the endpoint, organisations can place trust in the integrity of their data and systems wherever an employee is accessing them, and whatever device they’re using.
2) Backing up data
Companies should look to embrace the ‘3-2-1 rule’: have at least three copies of data, on at least two different media, with at least one copy held offsite.
3) Ensuring employees understand their role in security
By ensuring that staff fully understand the specific threats the business faces, the risks associated with mishandling information and the potential consequences to the organisation of a breach, greater consciousness can be instilled and behaviours improved.
4) Leveraging the right technologies and tools
Data encryption, for example, can help to mitigate the biggest challenges faced by organisations when implementing a cybersecurity plan for remote or mobile working.
James Nadal, Product Specialist, Osirium:
We make sure employees have the access they need to company applications, systems and data – wherever and whenever they’re working – without exposing the organisation to risk. It’s crucial that security measures don’t hinder employees’ productivity, or the benefits of flexible working will be cancelled out.
Our focus is on the protection of privileged admin accounts, through privileged access management and endpoint management. This approach protects systems and data from attack, while ensuring employees can safely access the resources they need.
For many companies, remote and hybrid working have created endpoint sprawl, with users in multiple locations connecting from multiple devices, including shadow IT. These endpoints make an attractive entry point for hackers looking to steal data or find a foothold from which to launch a ransomware attack, for example. In this decentralised context, it’s difficult for security teams to maintain visibility over what’s happening at the endpoint.
The risk is amplified when flexible workers are in possession of privileged credentials that enable them to carry out tasks such as updating user accounts, configuring servers, or installing software. Adversaries that get hold of these logins, or a device with local admin rights on it, have the potential to cause great damage. They may even be able to elevate privileges to gain access to the entire corporate IT environment.
Privileged access management (PAM) ensures that users have rights to access the systems they need to do their work – but only those systems, for the shortest possible time period, and with the lowest level of privilege. PAM tools should ideally make it possible for IT to create and apply specific policies that determine who can access what, and with what level of privilege. They should also have built in time-based one-time password (TOTP) multifactor authentication, which all users go through as they log in.
PAM tools with endpoint privileged management (EPM) capabilities allow security teams to control exactly what users do and how, through removing rights where they’re not required on a permanent basis, while elevating privileges for individuals in instances when needed, ensuring their work is not interrupted.
The automation of common IT tasks that require privileged logins adds another level of protection. This eliminates errors by taking the human out of the equation and speeding up the actioning of tasks.
PAM also separates users from admin credentials, by directly injecting them into target systems, so they’re never exposed to anyone. With no direct access to logins, employees can’t misuse or leak them. Passwords are never sent down to the client, removing the possibility that hackers can reveal them by sniffing memory, or looking at command strings within the process tree. Importantly, this all takes place in the background, keeping friction out of the process.
Brian Martin, Director of Product Management, Integrity360:
It is true that many employees post-pandemic have been reluctant to give up the flexibility of remote and hybrid working and it is clear that these approaches are here to stay. However, with this flexibility comes increased risk, as no longer are employees confined within the heavily guarded permitter of the organisation’s network. The advent of cloud and SaaS only exacerbates the issue.
Therefore, businesses are increasingly embracing Artificial Intelligence (AI) as a critical tool to foster a more adaptive and secure work environment. While AI’s use in cybersecurity has yet to reach its full potential, a recent survey by Integrity360 found that 71% of surveyed IT decision-makers agree that AI is improving the speed and accuracy of incident response, and more than two-thirds (67%) of respondents also believe that using AI improves the efficiency of cybersecurity operations. This is no doubt due to AI’s ability to analyse vast amounts of data and identify threats and anomalies in real-time, contributing to its effectiveness in incident response.
As cyberattacks increase, organisations are lacking the experience, skills and bandwidth needed to detect and manage security incidents and data, and under-resourced analysts left to find impossible resolutions are regularly left overwhelmed by alert fatigue, among other things.
Today, more than ever, change is needed. To turn this tide and better support security professionals, firms should look to embrace new technologies and techniques capable of solving these most pressing challenges.
In a previous Integrity360 poll, 52% of respondents pointed to AI and Machine Learning (ML) as critical to future-proofing the security of their organisation. However, investing in and implementing such technologies effectively can both be costly and require highly advanced skillsets.
Automated solutions can undoubtedly help to reduce the number of manual tasks that analysts need to address. Indeed, these solutions must be applied in tandem with better identification, diagnosis and even prognosis of incidents for security professionals to be able to focus their attention where it matters.
As AI technologies continue to evolve, their integration into cybersecurity will follow. Organisations must remain proactive in embracing AI whilst also addressing the challenges it presents, ensuring that their cybersecurity defences keep pace.
Leveraging ML algorithms, for instance, can allow businesses the flexibility and efficiency needed to proactively detect anomalies in network traffic, enabling them to promptly flag and investigate abnormal activity and hence identify potential security breaches. By amalgamating AI with the expertise of skilled security professionals, businesses can efficiently avert impending threats. The implementation of AI-driven detection systems acts as a proactive shield against the escalating risk of cyberattacks, safeguarding the integrity of sensitive data and critical business operations.
Fiona Sweeney, Partnerships Director, Women in Data:
We at Women in Data have a totally flexible working policy with no rules or constraints on that flexibility. For our employees, contractors and volunteers this has led to a significantly enhanced work/life balance. We have measured less time and money spent on commuting as well as better productivity. Teams are reporting a better sense of autonomy and trust, leading to greater job satisfaction.
As a membership organisation our mission is to achieve gender parity in the data, analytics and AI industry. We serve a community of more than 45,000 data practitioners. Women are hugely under-represented across all STEM fields. The data industry is no exception – right now, men outnumber their female colleagues by more than four to one.
According to the World Economic Forum there will be more than 149 million jobs in data and tech by 2025. Yet in the UK, over half of women leave the tech industry by the midpoint of their career – more than double the rate of men. From our own research we know that flexible working has a positive impact on attraction and retention rates in an industry that already experiences extreme skills shortage. Job flexibility upfront results in a 30% increase in applications, for example.
From Spring 2024, British workers will have more options as the Flexible Working Bill achieves Royal Assent. They will be able to make two flexible working requests in any 12-month period rather than the current limit of one request per year. Businesses will be required to respond to flexible working requests within two months and must not deny any reasonable request unless there is a valid business reason to do so.
Our default response to a flexible working request is yes. The key to success is communication. We start by looking for a solution that works for the individual and the business, using the following process:
- Review the reason for the request and establish the ‘must haves’ e.g. childcare pick up times
- Review the role and the impact on other roles in the organisation
- Assess the business impact
- Agree the new working pattern (reduced hours, flexi hours, compressed hours etc)
- Communicate change to all staff
- Monitor results and iterate if necessary
As part of our commitment to promoting flexible working, Women in Data will ensure that the data community are aware of the change of legislation and associated opportunities and impacts. We are mindful of the fact that women are often unwilling to ask for flexible working: nearly 40% of working mothers have not asked for flexible working, with many citing fear of future career progression. We will be supporting our community by canvassing employers around the benefits of flexible working as they tackle their talent retention issues. And we will empower our community with information and training to achieve their flexible working aspirations.
Charmaine Erica, VP of People and Culture, Logpoint:
The call for flexibility has grown louder. At Logpoint, we embrace the demand for flexibility but also understand the need for belonging within our workforce.
Flexibility has become a prerequisite for attracting top talent. It extends our talent pool globally, opening doors to a diverse and skilled workforce. However, flexibility goes far beyond recruitment. It’s about respecting the work/life balance that our employees value.
The traditional workplace concept, where work was expected to fulfil all needs, has evolved. Today, work should provide energy and fulfillment rather than just a physical presence. In addition, the workplace should acknowledge the importance of family and personal time.
Flexibility, for us, means meeting employees where they are, both physically and mentally, and recognising their diverse needs and preferences. Our Employee Engagement surveys consistently reveal that flexibility is an area where we excel. Our workforce values the freedom to choose how, when and where they work.
Yet, paradoxically, flexibility can sometimes result in a decline in belongingness and even lead to attrition. Employees everywhere may seek new opportunities for better compensation, such as higher pay, superior technology or better physical locations.
Ultimately, what drives the choice of a workplace is well-being. It’s the sense of well-being with colleagues and leaders, the respectful atmosphere, shared laughter and participation in sports and social events. These aspects provide the cultural belongingness that energises and makes an actual difference for employees.
Informal work practices foster belongingness, and this is where the core of retention lies. Belongingness within a company translates to better productivity, higher motivation, elevated engagement, an attractive culture and strong networks and collaborative relationships.
So, how do we address the dilemma of too much flexibility potentially eroding belongingness? The solution lies in finding a balance where employees give back to the collective while retaining the freedom to work in the best possible way for them.
To bridge the gap, we’ve introduced initiatives like ‘People Ignition Lunch’. This programme invites both physical and virtual employees to come together for inspiration during lunch breaks to enhance well-being, health, motivation and overall job satisfaction. Likewise, ‘Bootcamps’ offer in-workday exercise opportunities, promoting physical fitness, enhancing creativity and reducing absenteeism while increasing overall productivity.
Additionally, we continue to organise traditional cultural events and encourage activities like Friday bars, participating in holiday celebrations and summer gatherings.
In conclusion, Logpoint understands that flexibility is not just a buzzword but a necessary paradigm shift in today’s workforce. Our commitment is to embrace this change while fostering a sense of belongingness, and we believe it’s this balance that distinguishes us and propels our success in this ever-evolving world. What sets us apart is our unique organisational culture, marked by good working relationships, fairness and mutual respect.
Andy Wilson, Director, New Product Solutions, Dropbox:
At Dropbox, we design and build products that enable people to work effectively from anywhere in the world, so very early on in the pandemic, we recognised the importance of practising what we preach. In October 2020, we adopted our Virtual First model: we work remotely by default, and we live our own customer experience before we release new products into the world. However, in-person connection is still key to a thriving and creative workforce – so, we still prioritise opportunities for quarterly in-person collaboration.
Three years on, we know it’s working for our people. Ninety-three percent of our employees feel they work effectively, and we’re exceeding peer benchmarks in areas like inclusivity (88%) and well-being (81%). Our experience shows that in 2023 and beyond, businesses need to recognise that there is a demand for greater flexibility, that caters to the unique ways of working that we all inherently have.
A key element of our flexible and human-centred approach is our shift to an ‘asynchronous by default’ culture. Particularly for businesses that have grown to be global and geographically dispersed in nature, the pressure to collaborate in real-time can make it hard for employees to find time for deep focus. Yet, this time and space is key when it comes to creativity and reflection. Without it, people aren’t as productive, motivated or energised.
With the right frameworks in place, asynchronous collaboration empowers employees with the ability to keep work moving without having to be physically present, or always ‘online’.
For example, embracing asynchronous collaboration led us to think about how much time we should actually be spending in meetings, and as a result, we introduced ‘Core Collaboration Hours’. These are blocks of time, reserved for live collaboration and outside of these hours employees have the freedom to manage their work async. Shifting to this framework has enabled our people to gain more flexibility and autonomy over their time – and it’s provided more structure and guidance around how we work remotely.
Education is also key in this mindset shift: to make sure the work environment is comfortable and equitable, we have to be more intentional about how, when and why we communicate. We encourage our employees to continuously challenge, is this meeting necessary, and in doing so, we ask our employees to reserve live meetings for ‘discussion, debate and decision-making’. If the need for a meeting doesn’t fall within these criteria, we save time and address it async. Lastly, to get this right, we’ve underpinned this mindset shift with an effective technology stack. When the pandemic started, companies deployed multiple tech tools to keep work moving – sometimes to the detriment of operations. Too many tools can decrease productivity, as employees have to navigate a cumbersome number of applications, notifications and different types of content. However, this new era of AI opens up a new world of possibilities. AI has the power to help people thrive by organising their work, surfacing what they need and automating routine tasks – and in doing so, it can play a powerful role in increasing productivity, by freeing up space for individuals to focus on the work that really matters.
Click below to share this article