Return to Office Risks Worth Considering

In 2019, most white-collar employees worked in an office. In 2020, they worked from home. Now, it's a mix, but enterprises may not be prepared.

Lisa Morgan, Freelance Writer

May 25, 2021


Not so long ago, business as usual meant that most white-collar employees worked at the office. Then, the pandemic hit and IT departments scrambled to enable remote work. Now, organizations are starting to open offices and the question is whether they've anticipated all the potential risks.

"You have to decide what you're trying to achieve and you have to recognize that your employees may be all over the board in terms of what they need, how they want to work going forward and how you're going to deliver to your clients," said Kevin Rooney, chief administrative officer at business and technology consultancy firm West Monroe.

From Office to Remote to Hybrid

The shift from working at the office to working at home has resulted in attitudinal changes. Before the pandemic, many business leaders couldn't imagine operating without all their physical office space but now they may be letting at least some of that office space go. Meanwhile, employees have developed different work habits, such as balancing family responsibilities during work hours.

"What's most important is making sure there's a vision and why," said Rooney.

Traditionally, businesses have dictated where employees work and even those that had work-from-home policies couldn't anticipate what happened in 2020. Now, they will likely discover that employees are not homogeneous in their attitude about working at the office or at home. Those who return to the office also may have different work hours expectations than they had in 2019.

"As the world begins to reopen, leaders must keep a pulse on employee sentiment and act on this feedback," said Gina Mastantuono, CFO at software company ServiceNow. "Flexibility will be the most valuable perk within the post-pandemic future of work. CFOs must ensure organizations are investing in solutions that deliver this flexibility."

Cybersecurity Issues Are Lurking in the Background

Cybersecurity is constantly evolving. During the pandemic, hackers have been targeting home Wi-Fi systems because they know home Wi-Fi network passwords tend to be weak. They also know there's a good chance that cyber hygiene isn't top of mind because people are distracted trying to balance work and home responsibilities under the same roof. Distraction is an ideal state of mind to exploit.

Now, as offices begin to open, hackers know that IT and cybersecurity teams will be challenged trying to support both office IT and remote IT.

"Office re-openings are complex from a cyber risk standpoint, [so] it is important for facilities, HR, IT, security and other teams' leads to plan in advance how they align activities and communications with each other and employees," said Ellen Sundra, SVP of global systems engineering and enablement at cybersecurity solution provider Forescout.

Sundra said Forescout has seen "device decay," which occurs because a device is missing app updates or because the employee reconfigured the device to work on the home network. There could also be commingled work and personal content on the machine.

"The level of non-compliance and risk from this varies across employees and organizations, but you still need the means to detect, measure and resolve this decay before it erodes entire corporate security postures," said Sundra. "It only takes one 'problem' machine to introduce ransomware or other risks onto a reviving office network. So, all these returning devices, at scale, will overwhelm administrators without advanced planning."

Other challenges she identified include:

  • Still-active credentials that are based on year-old trust but which nevertheless enable automatic network connections. Instead, zero trust defenses should be up to date.

  • Physical access control systems such as connected cameras and badge scanners have software vulnerabilities, poor network segmentation or other risk factors which make them the most dangerous types of devices in a return-to-the-office scenario. To reduce the risks, companies should ensure that those devices are updated and carefully reviewed before they become high-traffic and mission-critical again.

  • The entire stack of business apps and third-party services may have changed because teams and departments revamped their workflows and productivity during lockdowns. Enterprises should reevaluate security investments and processes to make sure they are avoiding blind spots and not investing in tools with diminishing ROI.

  • Theft or physical breaches may occur simply because employees have become accustomed to leaving work where it lies at home. Employees should be reminded of the need to maintain a clean desk and other security protocols.

Another risk has to do with asset inventory, because if it's not accurate, then it doesn't reflect an organization's attack surface.

"The Center for Internet Security (CIS) lists inventory and control of hardware assets as its first basic control. CIS states that all hardware needs to be actively managed and that only authorized hardware should be able to gain access to the network," said Ken Magee, president and owner of Data Security Consulting and Training. "Organizations need an accurate inventory to be able to say which equipment is still located at the abandoned office campus and which equipment went home with workers. Equipment at both locations needs to be protected."

In addition, sensitive data could be stored on abandoned equipment, so that data should be encrypted. The encryption algorithm and encryption key should also be protected. Another option is to wipe the operating system and data off abandoned equipment, so if someone steals the equipment, they only get the equipment, devoid of anything stored on the hard drive, in memory or chips on the motherboard, Magee said.

Refresh Business Continuity and Disaster Recovery Protocols

Business continuity and disaster recovery took on new meaning in 2020. However, 2020's definition should not be 2021's definition as companies work towards reopening their offices.

"Organizations should have adjusted their business continuity and disaster recovery plans to account for the shift to remote work at the onset of the pandemic," said John Beattie, principal consultant at business continuity solution provider Sungard Availability Services. "These plans need to be readjusted again to account for employees being back in the office and any changes made to the IT environments as a result."

Failing to tighten cybersecurity protocols upon the return to the workplace could leave networks vulnerable to cyberattacks and breaches. Additionally, failing to update the business contingency and recovery plans and failing to provide employees notice of plan changes could lead to outages or the inability to promptly act on contingency plans when the time comes, Beattie said.

Mental Health Is a Very Real Issue

The pandemic has had an adverse effect on mental health. During lockdowns, about 4 in 10 US adults have reported symptoms of anxiety or depressive disorder, up from one in 10 adults who reported such symptoms from January to June 2019.

"Predicated on our dynamic threat landscape underway in America today -- violence, elevated tempo of mass shootings, protests, riots, social and racial justice issues -- how many of these potential issues will manifest [themselves] in the workplace with staff back?" said Fred Burton, executive director for the Ontic Center for Protective Intelligence. "How are you seeing around corners? Do you have a program in place to hunt for physical threats against your personnel and executives?"

Planning for such outcomes should have been on every company's radar before the pandemic, before the 250% jump.

"Perception is reality," said Burton. "The work norm has been changed forever whether we like it or not. However, there will be one constant going forward: People will want to work in companies that are perceived to be safe, healthy and secure."

Just the shift from 100% remote work to some office time is enough to make people feel uncomfortable, even though many worked in the same office prior to the pandemic.

"The danger is this feeling of unease could morph into resentment, which is not the quality that fuels productive work," said Dmitry Bagrov, managing director at global software development company DataArt UK. "Watch out for employees getting disheartened or disengaged [at] the office. [First,] acknowledge that this might be the case. [Second], come up with some ideas on how to make your team feel better at the office -- offer some new perks, fresh incentives. Enterprises need to be in a continuous communication loop with their employees, monitoring how they feel, asking what they need and acting timely."

Be Mindful About Providing Equal Opportunities

Ger Doyle, head of Manpower IT brand Experis and head of digital and innovation at ManpowerGroup, warns that companies moving toward a new, hybrid way of working must be careful to avoid a two-speed workplace in which those in the office get access to opportunities that work-from-home employees miss.

"The format of a meeting doesn't matter as much as the intention to be inclusive and ensure everyone feels welcome and that their opinions are valued," said Doyle. "Leaders need to think about how to keep people from feeling isolated with so many varying working styles."

Other concerns are burnout from an always-on culture and how employees' priorities may have shifted during the past 14 months or so.

"[H]istory tells us that after a crisis, people evaluate their life and are more likely to seek new opportunities. We're advising employers to focus on flexibility, wellbeing, and career development -- and this is especially important for tech talent who will find themselves in high demand for the long term."

In short, employees are in the driver's seat more than ever before. Companies need to adapt, or they may lose their most precious resource -- talent.

About the Author

Lisa Morgan

Freelance Writer

Lisa Morgan is a freelance writer who covers business and IT strategy and emerging technology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.
