Remote Working Creates an Imperative for a Risk-Aware Culture

The Covid-19 vaccine rollout provides a beacon of hope that we may soon see a return to a more normal life. But what does “normal” look like in a post-pandemic world? There’s one aspect on which many sources seem to agree – that the shift to remote working is here to stay, even if not quite as intensively as it’s been used over the last year. According to estimates from consulting firm Global Workplace Analytics, we can expect that up to 30% of the workforce will continue working at home on multiple days each week by the end of 2021.

While the shift to remote working has been beneficial for many workers, it’s thrown up an entirely new set of challenges for risk managers. In particular, cyberattackers have seized the opportunities that the shift to remote working has provided. In Switzerland alone, the number of cyberattacks at the height of the pandemic was up by three times its usual level, at around 350 per week. However, despite the technical nature of the attacks, the main vector appears to be human. One survey found that over 40% of people said they’d made a mistake at work that had security repercussions, while close to half admitted to clicking on a phishing email at work. With cyberattackers preying on those suddenly flung into a home working environment, the numbers are likely to be even higher.

The Challenges of Staying Engaged

The main challenge with this situation from a risk management perspective is in ensuring that employees and leaders remain in a risk-aware mindset while working away from the office. With the prospect of home working remaining part of the status quo in a post-pandemic world, this challenge is one that seems likely to persist.

Furthermore, for those organizations that still use the traditional spreadsheet method of identifying and tracking risks, remote working makes life even more difficult. Risk managers have their work cut out trying to ensure that risk owners stay connected to their risk obligations, making it even more difficult to adopt and promote a culture of risk awareness throughout the organization.

Manual and siloed methods of assessing and tracking risks are also exponentially more difficult and time-consuming in a remote working environment. There’s a significant chance that risks may be overlooked, or worse, that people simply become disengaged with the process because it seems less relevant while working away from the office. This creates ideal conditions for cyber attackers or for other operational risks to start manifesting.

While remote working conditions may not seem like the ideal time to start overhauling your approach to risk management, the reality is that the pandemic has created an imperative for organizations to ensure they’re actively promoting a risk-aware culture. This involves ensuring that teams are collaborating on discussing and identifying risks, including the additional risks such as cyberattacks that result from the shift to home working.

Laying the Foundations for the New Normal

An integrated risk management approach is, therefore, a key enabler of a more remote-first workplace once we shift into the post-pandemic reality. Making the shift may be more challenging in the context of remote collaboration. However, if it’s the new reality, then organizations need to adapt their transformation activities as much as their everyday operations.

Communication is key, and leaders, risk managers, and cybersecurity professionals will need to find new ways to ensure that they can promote open discussions about risks and mitigations, particularly in the context of home working and the cyber risks that it entails.

However, having the right tools in place is also a significant enabler that underpins a risk-aware culture. An integrated risk management platform gives risk owners an easier means of tracking and controlling risks. It allows teams to stay connected to one another so that they can work together on identifying and managing cross-functions risks. It also provides a holistic overview of risks across the entire organization, allowing you to apply mitigation actions where their impact will create the most value.

Implementing VirtueSpark’s enterprise platform can kickstart your organization’s transition to an integrated risk management approach that will ensure you’re prepared for the post-pandemic world. Contact us today to find out more or to request a copy of our white paper on making the transition to integrated risk management.