So much has changed since the start of the COVID pandemic. Among the profound societal shifts has been the restructuring of how and where we work. Remote and hybrid work and virtual offices, once rare, have almost overnight become a dramatic and defining new feature on the professional landscape for brands and organizations around the world. The implications of this shift are significant across the operational spectrum, but one of the most important downstream effects is the impact on security and risk mitigation. Executives and decision-makers must now grapple with a challenging new set of circumstances, complex new risk management and mitigation considerations, and thorny questions about their duty of care in a changed risk environment.
Identifying and addressing challenges of remote work
With some workforces going from 5% or less of their personnel working off-site to an operational model with anywhere from 50% to 100% of personnel working remotely, any decision maker who isn’t considering some sort of revision to their existing security and risk mitigation policies and procedures is playing with fire. Security and risk management has certain core objectives — access control, visitor management, employee safety, information security — all predicated on people being on-site. But if a sizable percentage of an organization’s team is now off-site, existing security protocols no longer apply. What’s left is a gap in policy, a gap in visibility for key assets, and new questions and complexities that must be addressed.
Does your duty of care extend to employees’ physical locations? What about the security of any sensitive materials either on their devices or in their homes? How will your IT security systems handle the new structure? Do you need to make sure employees have locking file cabinets at home? Is video surveillance needed? How far do you go?
Looking at these issues through the lens of Pinkerton’s Total Risk Perspective, the big changes in physical footprint and operational parameters translate to changes across the board. Event hazard risks have changed. Visitor management measures are no longer a matter of securing one site and vetting and monitoring visitors. And, the standard playbook for physical security no longer applies. New considerations for information security and privacy need to factor in, as an employer’s duty of care for remote employees might now extend to the security of their residence.
The new operational parameters
All these new challenges and big questions create a great deal of uncertainty. As employers trying to navigate that uncertainty and determine how best to ensure the safety and wellbeing of employees along with critical information and assets, they are discovering that formerly simple calculations have new layers and issues to consider. Something as simple as credentialing access to information becomes much trickier when you need to make determinations about network access for people operating on systems and technology that might not be in your direct control. All of this is prompting difficult conversations about legal gray areas and about how these big changes will affect logistics and resource prioritization.
New operational parameters will necessarily change the way you do business and the ways in which you connect and communicate with clients and employees. If you’re not thinking about how hybrid is going to permanently change your employee and your client interface experience, then you are not likely ready for the new normal.
Adding to the difficulty of adjusting risk mitigation measures is the continued uncertainty regarding the course of the pandemic. While some companies have charted a definitive course forward, many others are proceeding cautiously and attempting to remain flexible before setting any dates or deadlines for full or partial return to “normal” in-office operations.
Safety first — and then what?
For executives looking to make smart and strategic security decisions in the context of these pandemic uncertainties, the natural question becomes what to prioritize. The traditional hierarchy of physical safety first still applies, but with a dispersed workforce, the way forward isn’t always clear. The reality is that every organization is different, and one-size-fits-all answers are still in short supply. So much depends on industry- and company-specific structural and operational specifics, as well as the evolving legal and regulatory environment surrounding hybrid and remote work that will also certainly play a role in those decisions.
In the meantime, business leaders should be getting out ahead of these issues by thinking critically (and consulting their security partners) about their obligations toward their employees in this brave new world of virtual work. Prior to the pandemic, the only truly analogous situation with regard to duty of care was when companies housed employees overseas and had to ensure their housing, their general security, and wellbeing.
Playing fair with work environments
These new remote realities also introduce complex new questions about equity and diversity — not just with respect to traditional race and gender issues but in terms of potentially dramatic differences in what employees’ work environments look and feel like. In the same way that virtual connectivity in so many different industries — for all of the promise of access and inclusion — still faces structural limitations based on technology infrastructure and logistical hurdles, remote work is a concept that often butts up against the challenges of daily realities that affect individual employees in in vastly different ways. Employees will face differing sets of circumstances both at home and in their individual communities that could have a dramatic impact on their security and productivity — and addressing those inconsistencies won’t always be easy. Decision-makers will have to consider how granular and specific their risk assessments will need to be and to what extent they are responsible for an individual employee’s home security and working environment.
Obstacles and opportunities for the remote workplace
In this new hybrid and remote work world, a total risk perspective that considers a holistic, comprehensive, and customized approach to security and risk management is more important than ever. At a time when pandemic pressures have disrupted every quadrant of how and where we work, underlying threats are shifting, and addressing those risks and mitigating those evolving threats will take thoughtful leadership and collaborative work with security partners.
Because new risks and troublesome gray areas also unlock corresponding opportunities for true leadership, innovation, and even competitive advantages for brands and businesses that are proactive in addressing these new realities, organizations that can stay ahead of the curve and address their new security priorities and duty of care implications will find themselves at an advantage. Those than can do so effectively will be positioning themselves and their teams for strong and sustained success moving forward — no matter what challenging circumstances this newly hybrid world throws at them.