Cybersecurity in the Hybrid Workspace –Empowering the Workforce
By Sharon Chu, Managing Director - Talent and Organisation / Human Potential Lead, Accenture Greater China
Over the course of 2020, the world of work for many people had changed dramatically. Officed-based workers suddenly found themselves at home, adapting to new systems and workflows while, in some cases, adjusting to social isolation and financial or emotional hardship. Cybersecurity focused on this human element is vital, but employers need to go beyond merely minimising vulnerabilities. Instead, they need to create an elastic, resilient, and agile workforce by considering their fundamental needs.
Even before COVID-19 struck, cyber crime was costing large organisations an average of USD13 million a year apiece, according to Accenture research.(1) 60% of cyber attacks are attributable to human, rather than technological vulnerabilities.(2) The public health situation had exacerbated these human frailties in 2020, prompting Interpol to launch a hashtag, #WashYourCyberHands, to emphasise the importance of good online habits.(3)
Fostering individual cyber maturity is something that the HR function and their organisation have the power to implement. When it comes to mitigating human cyber vulnerabilities, Accenture has identified six key components. Three of them focus on individual responsibility:
Leadership advocacy and commitment. Visible dedication to and demonstration of best practice by senior team members, to "lead by example" and encourage the right behaviours.
Security awareness and education. Providing the correct skills and knowledge to educate employees about the importance of staying cyber vigilant, as well as the actions expected from them.
Secure behaviours and accountability. Ensuring employees adopt the right behaviours to stay alert and feel accountable for keeping their organisation safe.
The other three key components focus on organisational maturity:
Strategic business alignment. Aligning cybersecurity priorities with the overall business objectives of the organisation, including alignment with business leaders.
Security workforce and capabilities. Creating a strong team of cybersecurity professionals, with the appropriate skills and competencies to shield the organisation effectively.
'Security first' culture. Using well-designed processes and policies to drive and reward the right security-driven behaviour within the organisation.
These are not temporary measures for lockdowns induced by COVID-19. Increasingly, organisations are announcing permanent shifts to hybrid working models, with staff spending multiple days each week in their home offices. An agile, elastic workforce, enabled by digital tools, has the potential to unlock a revolution in both staff productivity and wellbeing. Research indicated that 66% of the surveyed employees feel they could focus more easily when working remotely,(4) while 79% of organisations had seen consistent or even improved levels of staff productivity.(5)
However, permanent shifts to an elastic workforce require human and technological support, including through enhanced analytics as well as cybersecurity protection. Addressing the human aspects of the later is now a key focus of HR teams, in terms of raising cyber awareness, instigating culture and behaviour change, and upskilling the workforce where necessary. This is best understood as part of a broader commitment to people’s wellbeing, which Accenture calls Net Better Off.
Net Better Off
Net Better Off is a model whereby companies can unlock their people’s full potential by considering the welfare of individuals through six specific dimensions. These are:
Financial: Being financially secure without undue economic stress or worry, and having equitable opportunities for future stability and advancement.
Employable: Having marketable, in-demand capabilities and skills to obtain good jobs and advance in one’s career.
Purposeful: Feeling that work makes a positive difference to the world and that life has meaning and a greater sense of purpose beyond oneself.
Physical: Being in good physical health without stress.
Relational: Feeling a strong sense of belonging and inclusion; having many strong personal relationships.
Emotional and mental: Feeling positive emotions and maintaining mental wellness.
All six dimensions point to building trust among the employer and employees, and the employees with one another. Trust needs to be established among people, but also with the help of data, hence all six dimensions can be jeopardised by cyber insecurity. This is why HR and their organisation need to make cyber protection a core priority. An isolated, demoralised, or stressed homeworker is more at risk of falling prey to the kinds of cyber fraud typically used to penetrate organisational systems, be it a phishing email, impersonation fraud or ransomware. Net Better Off provides a framework through which to understand and support staff resilience, particularly in the context of a digital working environment.
The role of human resources
This transition places a great deal of responsibility on CHROs and their teams. Some roles are easier to pivot to hybrid or remote working than others, meaning that positions and tasks must be evaluated on a caseby- case basis, through rigorous analytics. Meanwhile, CHROs need the curiosity to understand emergent workplace technologies, such as augmented- and virtual-reality applications. Talent management processes, wellbeing and productivity metrics need to be performed digitally, but in ways that can ease employee concerns about overly intrusive surveillance. Rather, trust must be built by placing people at the centre of decision making, and by ensuring that new technologies are adopted in a cyber secure way.
What does success look like? There are some sweet spots that can be employed and measured in practice. Organisations that enable continuous learning, for instance, are well placed to support the ‘employability’ pillar of Net Better Off. Success in this regard can be measured in the proportion of employees saying they would recommend their employer to other people. Likewise, if a high proportion of workers adapt effectively to change, that is a sign that the organisation is listening to their concerns, and empowering them with real-time data.
In terms of measuring the success of hybrid or remote working, high scores for workplace fulfilment are an important indicator that the right technology has been put in place to support workers. But that is only half the story. Wellbeing and safety are equally significant, as is ensuring equal opportunity and diversity. A high proportion who report a willingness to put extra effort into their work, and who view it overall as a positive experience, can be taken as indicators of success in this regard. The new normal is very much a digital one. This means that the distinction between cybersecurity, and security in general, is increasingly superfluous. HR practitioners should be helping to create an environment of trust in our new, online/offline hybrid world, shifting employees’ related behaviours and mindsets, and integrating an appreciation of online security into their thinking, as elements integral to all aspects of their people strategy.