Remote Work and the Long-Term Impact on Risk

83% of employers now say the shift to remote work has been successful for their company, compared to 73% in a prior survey. Less than one in five executives say they want to return to the office as it was pre-pandemic. Enterprises are going to have to balance convenience and security over the long haul.

It’s well understood that the speed at which enterprises pivoted last year to enable their staffers to work remotely was stunning. At least for months, if not years to come, what may not be fully understood are the long-term enterprise infrastructure and security impacts of the pivot.

So far, the shift to remote has proven to be a success for staff and enterprises alike. According to a recently released survey from PwC, 83% of employers now say the shift to remote work has been successful for their company, compared to 73% in the firm’s June 2020 survey. Further, PwC found that employees want to return to the office more slowly than their employers expect. About 75% of executives anticipate that at least half of office employees will be working in the office this July. Yet, 61% of employees expect to spend half their time in the office by then.

In a recent survey from Microsoft, the software company found that nearly all respondents (104 out of 105) sought their staff to work remotely as a result of the novel coronavirus. Similarly, an additional survey with enterprise customers in I.T. organizations found that almost everyone, or 98%, said they were working from home, while 86% of users had previously worked on company premises. These findings were reinforced by a separate survey of enterprise security professionals, including security analysts, security admins, and chief information security officers; with 95% of respondents reporting that their entire information security teams had moved to work remotely as a result of the COVID-19 crisis, Microsoft said in its recently released report, The New Future of Work.

The report highlighted the same was true for business-technology compliance professionals, with 87% of such professionals transitioning to working from home during the pandemic. For those who did remain onsite, the primary reason was to maintain security. “For the roughly 13% of compliance I.T. professionals who indicated that some of their compliance team remains on site, the reasons were related to maintenance of classified systems that are only accessed onsite,” Microsoft’s report said.

Based on Microsoft’s findings, many organizations, 89.5%, reported that more than 50% of their staff could work remotely. In comparison, 75% said that about 75% of their “commercial” end users would be back to work remotely. Those findings, Microsoft said, fit with other polls that found 77% of organizations reporting that more than 75% of their organizations can function remotely, as well as 83% of I.T. compliance staff saying that 50% of their employees can work from home.

Yet this shift online has also increased risk, not only because the staff is working beyond the protective confines of the enterprise network but also the swift expansion of cloud services these enterprises quickly turned.

The challenges and risks associated with long-term work from home

Microsoft found that one of the biggest challenges in managing risks with remote work was educating users about the best practices for working remotely and training them to use remote tools, whether I.T. admins, security professionals, and compliance I.T. specialists. “Large portions of the workforce had never been expected to work remotely, at least to the extent that was required post-COVID, and thus were not properly trained, shown how to access appropriate tools, or given specific guidance for working from home. Many end users experienced a steep learning curve with no physical offices, classrooms, or in-person interactions. For I.T. staff, extra priorities they have assumed include training end-users on productivity apps or enabling the use of remote devices. In one survey I.T. admins reported that “Training for Remote Best Practices” was the most prevalent problem for admins when it comes to end-user education,” the report states.

This is especially problematic for security risks. According to a survey cited in the report, security professionals, including SOC Analysts, security admins, and CISOs, were polled regarding the rates of increase of security threats since the beginning of the switch to remote work. Only 20% of the respondents said they did not encounter any increased security threats. About 62% of the respondents reported phishing campaigns were the most increased security threats during the COVID-19 crisis, the report said.

Further, knowledge, or information, workers themselves said they were worried about security threats in their home/work environments. “Specifically, information worker concerns appeared to be related to downloading content, accessing work information on private WiFi networks that may not be as secure as work connections, and – in line with security professionals’ concerns – falling victim to phishing scams” the report states.

In its recent report, the U.S. Chamber of Commerce published its guide, COVID-19 Cybersecurity Special Edition: Analysis of Business Risk [.pdf], found with the stunning 775% increase in cloud usage came a 260% increase in click-throughs to malicious URLs in the early days of the pandemic.

“Due to the transition to a remote working environment, cybercriminals have increased their attacks on remote login services,” the U.S. Chamber of Commerce wrote. “Federal law enforcement officials have taken note of these trends and are working on handling them. Michael D’Ambrosio, assistant director of the U.S. Secret Service and head of its Office of Investigations, commented that the COVID-19 pandemic “provides criminals opportunities on a scale likely to dwarf anything seen before,” it reads.

Preparing for the permanent shift to WFH

Finally, Microsoft found that most companies, even post COVID, plan to keep a good portion of their workforces remote, which is why most enterprises expect to accelerate their business-technology investments. “Given the expectation that employees working from home, potentially in a hybrid environment, will continue post- COVID, many companies report they are accelerating moves to the cloud and increasing their overall I.T. spending. This is despite a broader focus on reducing overhead expenses and driving operational efficiency,” the report said.

According to Microsoft, so that enterprises could cope with their pivot, they spent much more than their planned fiscal year 2020 budgets. Yet, the Microsoft customers surveyed said they could make the appropriate technology decisions more rapidly than they anticipated. “For many, this experience has led to I.T. being regarded as more strategically important within companies than they were before COVID-19 and crucial to maintaining the ability for the company to operate moving forward. It has also made decision-makers want to have plans in place to avoid similar global challenges in the future,” the report said.

Going forward, in addition to security, the focus will be learning how to identify ways to gauge staff productivity, as enterprises continue to invest in data visualization, CRM, virtualization “and a review of other technology choices made quickly during the early stages of the pandemic” such as video conferencing services. “Some decision-makers are also beginning to reimagine their approaches to how technology can both help the employee with their productivity when working from home, and help the company as well to assess the employee’s performance when this is no longer a largely in-person relationship,” the report said.

The office is here to stay, but its role is set to change. Less than one in five executives say they want to return to the office as it was pre-pandemic. The rest are grappling with how widely to extend remote work options, with just 13% of executives prepared to let go of the office for good. Meanwhile, 87% of employees say the office is essential for collaborating with team members and building relationships — their top-rated office needs.

As enterprises look at how they are going to manage productively over the long haul effectively and decide what cloud services they will standardize, they will also have to balance their ability to provide their staff not only a convenient and productive remote environment — but a secure and resilient one over the long haul.