I have been a remote and hybrid worker for twenty-five years. It is has been and remains my professional life. I work out of my home office (though I do have a rental office space I can use for when I need seclusion). It takes a lot of foresight to manage the risks as I have a lot of clients and their sensitive data.
In my recent travels across Europe (London, Paris, Copenhagen, Zurich) and the USA (Chicago, New York) this past month, the conversation has often turned to the risks of the hybrid work environment. To address employees’ desires, demands, and needs as a result of the pandemic and provide a future of flexibility, many organizations are offering a hybrid option or complete remote working. For many organizations, this has been a quick reaction without really thinking it through carefully.
For your consideration, consider the following risks . . .
- IT/cyber/information security. This is the first thing that comes to mind, but it should not be the only thing. Careful attention has to be paid to the security of the remote office. My home office is filled with connected devices: speakers, exercise bikes, wall outlets, televisions, even my blender in my kitchen. If any of these devices has a back-door or trojan-horse installed (think SolarWinds for a current reality) it could compromise the home office environment. Careful attention needs to be paid to the home office security and the business devices and connections of the remote office. This is a no-brainer.
- Physical security. This is often neglected. What about the security of the physical environment? What sensitive conversations can be overheard on the phone, conference calls, Zoom meetings, and more? Can that spouse, partner, roommate overhear things they should not be privy to? Are screens protected? Physical documents, are they secure and even locked up when not being used? This is a serious concern that many organizations have not looked into.
- Where is work being done. This ties into the first two bullets. In a hybrid and remote work enviornment employees can work from anywhere. I am in a coffee shop writing this blog right now. What sensitive business or client/customer information on calls can be overheard by strangers, potentially competitors? What can be seen on screens and other devices by strangers? I look around and I can see three laptop screens and their information from just a casual glance up from my cup of coffee right now.
- Conduct. As we moved to Zoom/online meetings becasue of the pandemic we saw a huge spike in conduct issues. People are working from home. They may be wearing their dress shirt in the video, but are wearing their pajama bottoms under the desk. They feel relaxed and casual. They end up saying things in business meetings that cross the lines of harassment and discrimination, things that would never be allowed in the corporate office and conference rooms. But since they are working from home they feel different rules apply.
- Culture. This brings us to culture, how do you develop and maintain a strong corporate culture in a remote and hybrid environment. This will require extra nurturing, fostering, and development. Employee engagement and interaction is critical.
- Fatigue. Zoom/video conference fatigue is a reality. People start losing focus in online meetings after one-hour and are completely checked out in two-hours. Organizations need to restructure how they plan meetings, particulalrly frequency and length.
- OSHA and physical health and safety. A lot of attention has been placed on creating healthy work environments for the physical health and well-being of employees. With employees working from home, how do we ensure that these are physically healthy enviornments?
Organizations need to clearly write, communicate, and enforce their hybrid work policies and procedures to address these risks. There should be a single central portal for all of the organization’s policies and procedures that are contextually relevant to the employee’s role/function. Hence, they see the policies related to their job and responsibilities. All remote/hybrid-work-related policies should be tagged and grouped so employees can easily find these. These include security, home-office/remote-work conduct, health and safety, home-office expense, and other related policies. Organizations should develop training for remote and hybrid work and require that all employees undergo this training annually.
Consideration of all of these risks and related policies also needs to be applied to the extended enterprise. Brick-and-mortar walls do not define the modern organization as we have the remote and hybrid-work world. But it also is not limited by traditional employees. Your contractors, consultants, outsourcers, service providers, and even temporary workers may also be working remotely. These risks impact your third-party relationships as well and need consideration.
These are the risks that employers should consider and address when developing their remote and hybrid work-related policies. However, I have been encountering employee concerns about the risk of what the company may do in the future. If remote working is allowed, will they then take the next step to reduce costs and allow off-shore remote working?