The Corona pandemic has created massive challenges for many companies. One of them: employees who no longer come into the office and work from home – and who may even like it and want to keep it that way. Often, the corresponding digital solutions were hastily implemented and now new processes, strategies and security criteria have to be defined after the fact.
Here is a little inspiration on this, based on our experience from 5 years of flexible digital working in the cdt digital group – with an international team under high data protection and IT security standards.
If you want to learn more, feel free to contact us: sales [at] cyttraction.com
How has the threat situation changed in 2020/21?
The pandemic led to a sudden increase in the number of users online at the same time. In some US cities, there was suddenly 25% more internet traffic in the spring of 2020. In 2019, there were already about 3.4 billion phishing emails per day worldwide, these also caused massive problems in 2020/21, plus there was a huge wave of smishing SMS.
The attacks have not necessarily become more complex, but hackers have either invested more time per attack or resorted to prefabricated tools (e.g., ransomware as a service), as well as finding and exploiting partly simple loopholes more often. This has caused massive damage, which Cybercrime Ventures, for example, estimates at USD 6 trillion per year, and still gives us new headlines on security vulnerabilities and data leaks every week.
In general, it can be said that all digital and especially automated business models and tools used by legal companies can also be misused for cybercrime. At the same time, users are less and less able to detect these attacks. A recent Verizon study estimates that 85% of all data leaks involve some form of human error.
Cyttraction is doing something about it.
More data and sources can be found at the end of this blogpost.
What does Home Office actually mean?
If you look at the reality of life for many employees – and managers – the term is misleading. One person thinks of a chaotic kitchen table, the other of a home office set up according to all the criteria of art in an extra room and TÜV-certified. It becomes much simpler and more true to life if you replace “home office” with “work anywhere”. As an (IT) decision-maker, you can take your cue from exotic locations such as beaches, rainforests or desert islands.
Because if employees are given the technical prerequisites that make these situations no longer an organizational challenge, then the IT infrastructure behind them is also right. At the same time, you will work through this and realize that it is neither necessary nor desirable for employees to work in all possible places and in all possible situations. Compliance, risk management, but also labor law issues play a role here – which, above all, must be communicated in a uniform manner.
And then, of course, there are job profiles that hardly allow for flexibility. After all, only about 15 million employees in Germany work in an office job, i.e., an area that is basically suitable for digital work. With an increasing shift of general internal communication to digital, an additional challenge is to securely integrate employees and project participants without a PC workstation into the digital infrastructure.
Tip: If you want to implement flexible working fairly, you first have to research and categorize the employees, job descriptions, workflows and data flows in your company!
How does the technical side look like?
Many companies still have some catching up to do before digital work can function properly. Closed on-premise systems, as they were standard 20 or 30 years ago, are still far too common. We all became aware of this again recently in the context of the Microsoft Exchange security breach. Even Microsoft’s in-house security team could not help with such setups – only warn and inform. Often, self-built isolated solutions for individual departments complete the collection within the IT infrastructure. Not only does this make it difficult to keep track of IT and security management, it is also maddening in terms of usability – for employees and the IT department.
The solution lies in an efficient digital transformation and the move to at least one core cloud system. There are different variants here – from the completely externally hosted Software as a Service solution to the self-installed cloud in various forms. In general, a clean IT architecture and long-term functioning infrastructure can be seen as the admin challenge of our time. Here, trained personnel are needed who can comprehend application fields as well as software history and product updates in breadth and depth. Otherwise, security gaps quickly arise due to admin errors.
What strict standards does maximum flexibility need?
Practice shows that teams need strict guidelines to be able to work flexibly and securely. A clear structure, coupled with a solid lean IT architecture and appropriate knowledge management, is the secret of a productive organization. In our company, the organization within the group of companies is based on so-called micro companies, which cooperate with each other. Work processes, company structures and security standards go hand in hand.
The basis was an analysis of the individual work tasks and data flows. We then precisely defined teams and separated access rights. Not every marketing employee needs customer information, and not all available forces need to be involved in the details of financial planning and research & development.
Three security standards apply:
- Marketing & public data
- Day-to-day business
- Confidential, research & development etc.
All are subject to regulatory privacy as well as IT security criteria. But not every marketing communication has to take place on our systems and not every mail from day-to-day business is additionally encrypted. A clear gradation creates less room for employees to bypass security criteria out of convenience, because they are perceived as a disruption to their own daily work.
We are happy to send you our complete Tech Briefing on this topic.
How do communication and leadership work when there is no longer a common place?
Regardless of external factors, management by milestones has proven effective. In addition to an overall vision coupled with a long-term objective, there is a business purpose and a specialized offering. Along the general strategy, the respective projects are lined up that are needed to reach the corresponding milestones.
Thus, there is little need for sprawling team meetings and mail traffic with more than two people. Project participants can exchange information directly and act freely and self-determined. The basis for communication is the IT environment provided and the corresponding security standards. Personal issues and life realities, which often lead to scheduling and social conflicts in hierarchically organized companies, can thus be avoided as far as possible.
The management task is to provide employees with all necessary information as well as to set schedules and deadlines realistically together and to communicate them internally as well as to customers.
If you would like to learn more, please feel free to contact us: sales [at] cyttraction.com
MIT Technology Review – Why the coronavirus lockdown is making the internet stronger than ever
CNBC Make it – Why working from home is here to stay