Third Party Risk Monitoring

Return to the Workplace… What if They Say No?

Written by John Bree

Survey from Compliance Week Return to Workplace Webinar
With the rollout of vaccination programs, many companies are now putting together their post-pandemic Return to the Workplace (RTW) plans. While executives are busy discussing theories, approaches and concerns for a smooth return to the workplace, I believe there’s something they haven’t spent enough time considering, and that’s the human factor. How do employees feel about returning to a pre-pandemic like workplace after a year or more of working remotely from their homes or more accurately any place they have connectivity? In this blog, I’d like to consider this human element, and what if your staff say No?

A recent article from Deloitte about the RTW challenge stated:

“While firms have been busily rethinking and rebuilding their workplaces, their recently displaced workforces have concurrently been rethinking and reworking where they get their work done and developing new routines and habits along the way—some which they may prefer to the old way of doing things.”

An online survey conducted by the non-profit think tank The Conference Board in late September 2020, of more than 1,100 U.S. workers across numerous industry verticals, found more than a quarter (28%) of the respondents indicated they expect to return to their workplace by Jan. 1, while 38% expect to do so in the new year or beyond. Only 7% expect to return after a vaccine is made widely available. Interesting that 31% aren’t comfortable with the prospect of returning.

Reading these and other well researched and written articles on the RTW challenge, I have not come across some of the more practical issues I believe we will face as a result of reluctant employees. I was personally part of the Crisis Team at a major financial institution in NYC at the time of and after 9/11. After the attack when we began the RTW process, we faced a challenge that we had not anticipated. Some staff absolutely refused to work above the 4th floor: quite a dilemma when faced with staffing in 50+ story facilities. The truth was we had failed to fully comprehend the human element.

We hear a lot about the negative side of the working from home and the psychology aspects of isolation resulting from loss of contact with co-workers and friends and the difficulties that come with virtual collaboration. While mental wellbeing is an important consideration, companies must also consider that their employees are weighing these negatives against the considerable benefits of not being tied to a physical workplace. They have realized hard dollar savings, increased productivity and time saved by not having to commute. They spend less non-productive time traveling and get more time with their families, not to mention the considerable benefit to our environment.

Going forward even with a fully vaccinated population, people who have historically used public transportation to commute may be reluctant to do so and prefer to avoid what have been historically crowded and less than hygenic modes of transportation. Combining this general reluctance to increase one’s exposure to infection with the very real economic advantages of working remotely may well encourage staff to just say No.

So where do we go from here? If we enact a permanent remote work environment or a hybrid model that incorporates some in office time, we will need to refocus our RTW plans and objectives to deal with a workforce who are in many situations dealing with confidential, private and high-risk data, in a non-controllable physical environment, on a variety of devices and connection platforms.

Let’s expand on this privacy dilemma with a very basic risk: Who can look over my shoulder? That’s right, the easiest data breach to execute is one of the hardest to prevent in today’s remote work environment. Another consideration is the screen timeout that was originally set for an office location now must be adjusted for a possibly high trafficked residential setting. There must now be a protocol to address this risk.

While these are very basic scenarios, there’s a host of more sophisticated methods that can be used to obtain and benefit from access to confidential information. In addition to an increased focus on training, companies will need to enhance their monitoring capabilities to reasonably ensure confidential data is protected. The IT experts and SMEs in our organizations will need to rethink data protection. In addition to rapid identification of misuse, companies must have coordinated listening posts that receive and correlate all threat intelligence and then have tested processes and protocols in place that activates the shutdown process and initiates the mitigation and ultimately the recovery actions.

So where does all this take us? From my perspective, all industries will begin to re-evaluate their systems, networks, and look to enhance and expand their risk monitoring capabilities with continuous monitoring across their entire vendor and location risk landscape. Expanded and enhanced monitoring is a good thing, as long as they are also enhancing their ability to do something with all this new intelligence. While not knowing is a risk, knowing and not acting is now an even bigger risk.

In conclusion, don’t forget to consider the human element and the possibility of a scenario where many say No to a Return to Workplace. In our next blog, we will discuss how to effectively and efficiently act on intelligence.

Did you miss our recent webinar with Compliance Week on Continuous Risk Intelligence and a Return to the Workplace? 

No worries, we’ve got you covered.

Download our presentation, and the best part is we took notes and included those too.