search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
I


n April 2020, the UK Office for National Statistics reported that nearly 50% of adults in employment were working from home – the link to the COVID-19 pandemic and the related social distancing and lock-down measures are obvious.


But interestingly data trends have been showing that since 2012 the request for flexi- time and remote working has steadily been on the increase. COVID has inevitably speeded up what was a slow burning trend – but businesses have had ample time to consider both the benefits and potential security risks that more flexible working brings with it. Have they focused on the former more than the latter?


Businesses that have allowed flexi time and remote working have reported increased benefits including office costs being reduced, staff retention increased with better staff morale and productivity and the ability to attract a wider talent pool. But they have often cherry-picked the roles that suit this type of working. COVID has forced many businesses to move their entire enterprise to remote working because they are unable to meet COVID regulations. Are they ready to meet these new challenges?


It is certainly time to dust off the security risk register and apply a COVID-19 lens to the contents:


• What does the new normal for your business look like?


• What risks have changed and why?


• Do you have confidence that the measures you have in place are effective?


Nearly a year into this pandemic reviewing the security risk register should be a regular occurrence – how long did you plan for new security measures to be in place 3/6/9 months with the expectation that we would all be back in the office by 2021?


However, it’s not just about reviewing the security risks – it’s about understanding how the business has changed – what opportunities it has been able to take advantage of, and whether your security risks are helping to enable and support the CEO’s direction of travel.


What of the staff?


Working from home does not suit everybody – many are operating out of spare bedrooms, perched in hastily constructed desks in hallways or fighting for bandwidth in shared accommodation whilst juggling home- schooling or carer duties. Twelve months in and we can see that our staff are tired. The use of Zoom/Teams and Google hangouts is no


Working from home – the new insider risk?


longer a novelty as we now move from meeting to meeting as everybody knows that we will be at our desks.


Our staff are becoming isolated, despondent and bunny-hopping from one lockdown to another. They feel frustrated – and that can lead to bypassing security procedures to get a job done because they no longer see security as important, and competing business pressures are taking priority. The potential for insider risks within our business is as they say a clear and present danger.


This now more than ever is when we as security professionals need to work with our key business stakeholders – particularly our HR colleagues who hold responsibility for people management. Our line managers are the first line of defence in insider risks – knowing their staff, spotting when something has changed and then dealing with it and recording it.


• HR (including welfare teams) need to know which roles have additional risks as a result of home working, security teams can help by knowing what critical assets the business holds and what roles within the business have access to them and what the potential insider risks look like so that HR can involve security teams in high-risk areas.


• Line managers need to know why, how and what to report, security can help by working with HR and Comms teams to develop appropriate awareness campaigns – or using some of the many excellent products developed by CPNI (Centre for the Protection of National Infrastructure) that are on their website.


© CITY SECURITY MAGAZINE – SPRING 2021 www.citysecuritymagazine.com


• Training teams might need to re-focus on developing on-line learning that emphasises the importance of following security and how it is there to keep the business and staff safe. Security can help by evidencing the security risks to show the consequences to staff and encourage buy-in and good security behaviours.


Managing our people risks during the pandemic should be seen as a priority – our staff are essential assets. We should see this as an opportunity for security teams to strengthen their key stakeholder relationships and work in tactical partnership with core business departments to manage the insider risk. The benefits of doing this mean that when life does return to normal your stakeholders can see the tangible benefits that security has brought to the business.


Sarah Austerberry Director


Au Security Consulting and the Security Institute


www.Ausecurityconsulting.com www.security-institute.org


>


7


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36