Businesses have done a phenomenal job to keep going throughout Covid to keep people working from home, and at the same time building in those layers of security as they go. However, as this new norm sets in, there needs to be more security in place for the post covid world.
Working from home needs additional cyber security post covid
With people working from home, it is important to realise that there are now layers of security your company can’t easily control. Although there has been an inherent layer of security during covid because people have had to work at home, rather than working out and about in cafes and public places.
We recommend giving guidance on these issues to staff as they may not realise that their homes aren’t as safe digitally as they might think they are. Training helps, and it is essential. It’s also essential for organisations to undertake risk assessments of their new agile/remote working environments.
Things you should be considering:
Home environments are a business environment
If you want to breach a corporate network, then you seek out the weak links. People themselves, and home networks/devices are without a doubt weak links that need protecting.
Review your remote working environments
It’s essential that security risk registers and controls are revisited regularly. It’s also important to perform regular penetration tests.
Are the roles now paperless?
Do we need collection of classified documents for shredding?
We are sharing screens more
We need to be cautious about what we are inadvertently sharing.
The use of smart speakers and technology at home
We all know of Alexa, but there are hundreds of varieties. They are all managed by different countries using different clouds. They are recording all the time. IoT and AI are likely to further erode the privacy and autonomy of users.
Avoiding successful attacks and creating better cyber security post covid, the short answer…
Before you hide, go seek!
The biggest key to it all: do you know where all of your data is?
Layer it up
It’s essential that you rely on all 7 layers of cyber security post covid. You can’t just have one control to stop a threat, just as having antivirus software will not protect you from getting a virus. The same way locking a door won’t stop someone burgling your house. It’s best to apply theSwiss cheese modelof risk management.
It is much cheaper to get your security layers in there first. The layers don’t need to be expensive, just suitable, with good architecture.
Your data, particularly sensitive data, needs to be protected whilst traveling over non-corporate networks and whilst at rest – sat on a server, the cloud, a mobile or on a laptop.
Work with what you’ve got
Most companies, even big ones, don’t have the budget or endless resources to do everything, the key is optimising what you have got. A simple one, privilege management – what are the entry limits to your digital technology?
Know your risks
It’s essential for all businesses to have a risk register, however large or small. If you don’t know all the risks your organisation faces, how can possibly ensure you are protected against them? It’s negligent to not do so. It’s important that board understands and signs off risks, and doesn’t just leave it to IT. Ask yourself what are your risks to cyber security post covid.
It’s essential that you monitor all network attached devices for anomalies. If you aren’t looking you aren’t going to see a breach until it’s too late. Many organisations don’t know they’ve had a breach until months after.
Business Continuity has been put to the test
Covid has made us test all major categories of business continuity. A few years ago, we’d test things like ‘building unavailable’. Businesses have been put into the real-life working situation of no building available, no public transport, fewer staff numbers and sick and absent staff. We have been hit with all the major categories of business continuity at the same time.
A shortage of senior cyber-security professionals
However, with a global shortage of senior cyber-security professionals, coupled with the prohibitively expensive costs of retaining a full-time, dedicated expert, many businesses may struggle to access the appropriate level of support required.
Businesses get access to a dedicated Chief Information Security Officer who will provide senior security leadership and take responsibility for identifying, controlling, and managing risk. Making sure the business’s security posture is strengthened.
As businesses scrambled to suddenly support much larger, permanently remote teams, certain cyber-security policies and procedures fell by the wayside.Simultaneously, cyber-criminals capitalisedon the uncertainty, confusion and panic caused by the pandemic and found new opportunities to attack, via remote workers and unsecured technologies.
Remote working is not going away. In the UK, businesses will be subject to at least several months of restrictions. Yet, even when things do return to ‘normal’ it’s unlikely that operations will be the same as they once were. It is imperative that businesses prioritise making remote working secure to prevent themselves from falling victim to a breach or serious attack.
13 ways to make remote working secure
1. Educate your employees
New scams, particularly revolving around business email compromise, arrive daily in relation to events, such as the pandemic or a legislation change. It’s important that your staff can identify a one-off or unique phishing scam or at least raise it with IT if unsure. Software can help keep staff sharp with phishing, but ongoing training is critical to protect the business from other methods of social engineering, such as via the phone.
3. Establish advanced threat detection and response
It’s vital that you are aware as soon as possible when major threats appear.Security systems also need to be aware and rapidly notify you of any breach or attempted breach of your security. The system action and human response must be rapid to isolate and contain the threat, even if it’s not on your local network. It’s important to note here that the human element is critical, too many organisations are simply relying on slick-looking AI solutions, which on their own just don’t cut it.
4. Deploy aggressive vulnerability management
Keeping systems up to date with the right security patches is more important than ever with a disparate workforce. Unpatched systems and system misconfigurations are a key focus for attackers. It’s important to use scan networks but also to use host-based scanning that allows remote workstations to scan themselves outside of the corporate perimeter.
5. Monitor cloud infrastructure and applications
You must monitor systems that hold your data, even if you don’t actively manage them. Most cloud infrastructure and cloud applications, especially the like of Microsoft, AWS and Google provide large volumes of data that can be monitored for suspicious events and activity.
7. Ensure multi-factor authentication (MFA) is in place
Multi-factor authentication is a basic and essential security control both too many organisations are still not deploying it to improve the security of their remote access.
8. Don’t forget backups
Most of the attacks focused on the remote workers aim to deploy ransomware on a corporate network. To take that further, they are also looking to encrypt backups to ensure that a company can’t recover their data. Therefore, businesses should be looking at creating an air gap backup to protect against this threat.
9. Run attack simulation training
Spear phishing is still one of the most common attack vectors. By running this type of training, you can see how employees would respond to real-life attacks and socially engineered campaigns. Results can be used to identify weaknesses and deliver personalised training to those more likely to fall victim to a breach attempt.
10. Implement device risk and compliance checking
You need to ensure devices are secure before allowing them to connect to the corporate network and access resources. Personal devices often do not have the same security protocols and can open several weak points. Businesses need to have clear oversight of all devices connected to the network, be able to distinguish between personal and corporate devices and be aware whenever a new device joins or tries to join. As it may not be possible to installadditional security software on the device, businesses should flag it for unusual activity and put it on to a separate network.
11. Implement access governance policies
The rising threat of a breach, internally and externally, means it’s important for businesses tomonitor and control who has access to key resources. Policies shouldassume the principle of least privilege (POLP) – giving users the bare minimum permissions they need to perform their role – and clearly define who has access to which resources and under what conditions they have access. With the right policies in place, it becomes easier to identify areas of ‘privilege creep’ and prevent stale accounts (e.g., ex-employee accounts which are still active).
12. Manage privileged access
Employees are often given full admin rights as standard. However, increased access means an increased risk level. Instead, you should ensure employees are only able to access what they need to fulfil their job role and responsibilities effectively. There should be systems in place allowing administrators to respond to access requests and be notified of any unauthorised access attempts.
13. Adopt a zero-trust principle
The increase in cyber-attack frequency and sophistication, coupled with the hybrid nature of today’s IT environment, meanstraditional security frameworks are no longer enough. While businessestypically focus on defending their perimeters, assuming everything ‘inside’ is already cleared and safe, this is too open of an approach. Zero-trust is essentially about removing all automatic trust. Anything and everything which tries to connect to the system must be verified before access is granted – ensuring it is the right user, from the right secure endpoint, with the right access permissions, who is making the request.
Remote working security is a critical issue
More than ever, businesses cannot afford anything which would harm their productivity, their reputation, or their bottom line. It’sunderstandable why measures may have not been fully in place at the beginning, but it’s imperative that businesses now make security a priority.
The COVID-19 has had a huge impact on the way businesses deliver IT services to end-users. The lockdown and subsequent restrictions left businesses scrambling to deal with an unprecedented situation where their entire workforce needed to work from home. Most simply weren’t set up for permanent, widescale remote working but had no option but to embrace it to remain operational.
Technology like online meeting and collaboration tools, hosted telephony, VPNs and virtual desktop infrastructure (VDI)saw a surge in adoption as businesses looked for ways to keep their employees connected, productive and secure. Of course, VDI solutions are nothing new. Businesses have been using it for over a decade to deliver desktops and applications to end-users. However, it is seeing a resurgence, both due to current challenges arising from COVID-19 and the maturation of Windows Virtual Desktop. This was highlighted in the recent Spiceworks Ziff Davies 2021 State of IT Report which found 46% of businesses were using or planning to use VDI by mid-2022. Furthermore, 26% of businesses planned to increase VDI deployment specifically because of the new challenges that have surfaced due to the pandemic.
How can VDI solutions help internal IT Teams?
1. Reduced Costs
Delivering desktops through VDI helps reduce the time it takes to provision new desktops. Easy and quick to set up, VDI not only reduces the time required by the IT team and the support costs, but it also provides more immediate value to the business.
VDI can also help IT Managers optimise and reduce their IT spend. Purchasing and upgrading hardware for remote employees is a significant cost, but as a virtual desktop can be accessed from almost any device it can really help slash spend in this area.
2. Simplified Licencing
Software licencing is one of the most common issues for IT managers with remote employees. If an end-user uses a personal device for remote working and needs a particular app to do their job, it’s ITs responsibility to licence this. Not only do multiple licences increase IT costs, but it also complicates licence tracking and compliance. The IT team needs to be able to prove that apps on personal devices are properly licenced and differentiate between corporate-owned software and personally owned software. VDI solutions eliminate this challenge for IT teams by keeping the licenced software within the business’s own data centre and removes the need to track remotely installed apps.
3. Improved Security
Security is a constant concern, even more so with the new threats emerging as a result of the pandemic. It’s a particular issue for IT teams where end users are using personal devices to access company data or systems. There are no guarantees that the device adheres to the company security policy, it may be infected, compromised or running an outdated operating system. However, with VDI, device-level security becomes less important as the user remotely connects a corporate desktop which IT configures to exact security requirements. The personal PC essentially becomes a thin client as all activity takes place in the data centre, with all of the corporate security systems and controls in place.
IS CONFIDENTIAL DATA LEAKING OUT OF YOUR BUSINESS? FIND OUT TODAY WITH A COMPLIMENTARY DARK WEB SCAN
4. Reduced Technical Support Time
IT Managers’ workloads are higher than ever now they need to manage a fully remote workforce on top of their existing responsibilities. VDI solutions make it easier for IT teams to support remote end-users because it puts them in a standardised environment, with the device itself less significant. It also reduces major technical issues and speeds up resolution time because IT teams already have all the information about the user’s virtual desktop systems to hand. Of course, technical issues can still occur with virtual desktop users, but these are usually related to connectivity and performance and are simpler to identify and resolve.
5. Centralised Management
With everything centrally stored, managed and secured, desktop virtualisation streamlines the management of software assets. This makes it easier for the IT team to set up and provide end-users with desktops and applications, no matter where they are located. Administrators can also deploy, patch, upgrade and troubleshoot from a central, singular location, rather than updating end-users’ environments individually.
Are VDI solutions the right choice for every business?
Desktop virtualisation has continually developed over the last decade, but today the main two categories are VDI and DaaS (Desktop as a Service). VDI is suited to businesses who want to host and manage the virtual desktops themselves, on their own servers. DaaS is very similar but removes the need for infrastructure management by delivering it as a cloud service.
Both VDI and DaaS are well placed to deal with the most common challenges of traditional desktop and laptop systems, such as software licencing inventory, ensuring compliance and expensive procurement. Outside of these legacy challenges, both solutions also help businesses deal with IT process concerns, such as keeping up with the rapid pace of change and the time IT staff have to dedicate to routine tasks (e.g. troubleshooting, helpdesk requests).
DaaS has a slight potential edge on VDI due to the shared responsibility of a cloud model. It largely removes the need to manage the physical infrastructure, enabling IT teams to focus on the entire digital workspace and user experience.
The prominent solution that overlaps both categories is Windows Virtual Desktop (WVD).Previous virtualisation options gave businesses limited options over the type of virtual machines they could use to deliver desktops. They had to either compromise on user experience and deploy Windows Server Desktop experiences to achieve the cost benefits of a multi-session. Or, they had to sacrifice on cost and deploy single sessions in Windows 10.
This dilemma, plus the opportunities presented by Azure as a platform, ultimately led to the development of Windows Virtual Desktop (WDS). It’s the only virtual desktop infrastructure that offers simplified management, multi-session Windows 10, optimisations for Office 365 Pro Plus and support for RDS environments. An additional plus, just for IT teams, is the relatively short time to go live. A 100 person business with 4-5 servers could be looking at less than a week to set up from scratch.
Are there any issues with VDI solutions?
However, like any technology option, VDI is not a one–size–fits–all solution. Businesses still need to fully evaluate its suitability for their employees and their ways of operating. For example, while VDI is a good option for remote workers and contractors who need to securely access Office applications, it’s not the best for employees who travel frequently due to latency and VPN issues.
Certain applications also still don’t perform as well in VDI style solutions. Microsoft Teams and Zoom are two of the most widely used conferencing platforms,yet they both have performance issues and limitations in VDI environments. For example, with Microsoft Teams some advanced features may not be available in a virtualised environment, and video resolution can differ. Call and meeting functionality is also only supported on a limited number of platforms. As there are multiple market providers, it’s recommended that you seek consultancy advice or speak to your virtualisation solution provider to confirm you meet the minimum requirements.
VDI is just one element of the technology stack. Don’t forget you’ll need other complementary technologies to address gaps and round out the experience for the end-user if you’re looking to build a fully functioning digital workplace.
Join the IT Leaders Forum
By joining the community you’ll receive exclusive monthly briefings, tech updates from industry-leading vendors and free personal invites to top tech events.
“Our teams have been working from home since March and while overall it seems to be working well, I think some employees aren’t really working as they should be. Should I be using monitoring software to track their productivity?”
The QuoStar Answer
Well, this is a relatively common question and one I’m sure many managers have contemplated in the previous six months. Since lockdown, demand for monitoring software has soared. Searches for ‘employee surveillance software’ are up more than 80% and some providers have seen a threefold increase in demand for their tech.
Advantages and disadvantages of employee monitoring
The benefits of employee monitoring are probably widely known. Many studies have shown that when people know they are being monitored, they behave in the way they think is expected. In other words, they become more productive.
The real–time data collected by tools can, if utilised correctly, help uncover problems and identify bottlenecks. You can allocate resources more effectively and rework processes to prevent employees from having to spend more time than necessary on certain tasks. It will also allow you to identify employee strengths and weakness, giving opportunity for both praise and further training
A welcome side effect, particularly in the current climate, is enhanced data security. As an example, some tools can alert you to suspicious activity or block certain actions from happening altogether, such as the opening of certain applications.
However, all these potential benefits can be instantly wiped out by a poorly handled rollout. Attempts to be covert or any dishonesty about the true purpose of monitoring will likely be viewed extremely negatively. Your employees may feel that their privacy has been devalued or violated, and like the company no longer trusts them. It may result in diminished morale and elevated stress, harming your ability to retain staff in the long run.
Legal implications of monitoring employees at work
While employers are well within their rights to monitor activity on ‘business-owned’ devices, it’s a fine line to tread. You need to find a balance between employees’ legitimate expectation to privacy and the company’s interests, and there must also be a legitimate purpose for the monitoring.
The Information Commissioner’s Office (ICO) states that employees should be made aware before monitoring begins, told the reasons for its useand how the information collected will be used. Government guidancealso states that employers must clearly explain the amount of monitoring in the staff handbook or contract. This includes telling workers if they’re being monitoring, what counts as a reasonable amount of personal emails and phone calls, and if personal emails and calls are not allowed.
You will need to carry out a formal ‘impact assessment’ to justify the use of monitoring tools before any go live.This identifies the purpose of the monitoring and the likely benefits and adverse impact. As part of the assessment, you’ll need to look at alternative ways the purpose might be achieved; look at the obligations that will arise from monitoring; and whether the decision is justifiable (compared to the effects the employee might experience).
If you’re planning to use the information collected as the basis of disciplinary procedures (e.g. an employee being consistently unproductive) then I would also advise seeking legal advice to determine whether you need to amend your employment contracts to reflect this.
Monitoring software raises the age-old issue of data security and privacy as well. The more that is recorded, the more data there is to secure and protect. Just last month, H&M was fined for collecting extensive details about their employees’ private lives, which was accessible to 50 other managers. So, it’s crucial that you understand exactly how your monitoring tool will collect and store information, particularly if this happening on a third-party system. If the data is stored in a different country to where you’re located, you may need to comply with additional regulations.
What technology is available to monitor employees?
If you feel employee monitoring is both necessary and justifiable, then the good news is there areplenty of toolsavailable. I won’t list specific products or providers, butsome features you might look out for include:
Screen Monitoring – Captures real-time screenshots of a computer’s desktop or active window at set intervals, allowing you to see work in progress at any given point.
User Activity Tracking – Tracks and collects real-time user actions and behaviour data on company networks and connected and monitored devices. Also known as User Behaviour Analytics (UBA), not only can these tools track productivity, they’re important for security as well. This proactive form of monitoring can help you spot suspicious activity and prevent access privileges from being abused. Some tools will alsoalertwhen actions you have marked as ‘suspicious’ happens. For example, ifan employee tries to download unauthorised software to a work device, the administrator will be notified immediately.
Internet Monitoring – Automatically monitors employees’ application and web usage during working hours. Reports break down what was accessed and for how long, allowing you to spot if someone’s spending too much time on certain sites. Most tools can also block, deter or limit employees from accessing unproductive sites during working hours. Usually, companies use these tools to block social media, online gaming portals, and entertainment or streaming sites.
Time Tracking – Records time spent on projects or tasks. These apps are ideal for companies who bill by the hour, allowing for more accurate invoices, but it can also help with resource allocation. Records can help you identify bottlenecks and investigate whether you should amend processes or provide greater support for employees.
Keylogging – Keyloggers run in the background to track, capture and record all keyboard activity and mouse clicks. They can track activity across a variety of platforms, including email, instant messengers, web browsers and apps. The data collected can provide insight into daily activity, attitude, professionalism and productivity.
Call Recording – For industries, like recruitment, where communication is necessary for successful outcomes, your telephony system should be able to give you the insights here. Some hosted telephony and VoIP tools offer in-depth metrics including time on the phone, time to answer, who answered which call, and calls made/received/missed.
Constant Presence Tools – Utilise the webcam to take photos of employees at regular intervals, to check they’re at their desk. With some products, you can see photos all on one screen and click on them to start instant video chat.
GPS–This may an option if you have employees working at multiple locations or at client sites, as they can allow you to record individual’s hours and locations in one place.
Most software products will offer multiple productivity tracking features, so you don’t necessarily need a purchase a separate product for each one.
Employee monitoring is a very difficult line to tread. It can never be a simple, blanket yes or no. Every business will need to evaluate the pros and cons in line with their specific processes, operations and culture.
Bear in mind,the current situation is an extreme one. It may be overly simplistic to solely blame ‘remote working’ for impacts on productivity. Employees may have legitimate worries or problems in their personal lives as a result of the pandemic. They might be trying to balance childcare with work, caring for sheltering or vulnerable relatives or their mental health might be suffering. You will need to mindful of the wider circumstances when discussing productivity with individuals, as some may need greater support to achieve their usual ‘office-based’ output.
If this is the first-time employees have ever worked remotely, this is not necessarily an accurate representation of how they would perform in ‘usual’ times. Yes, remote working is not for everyone. Some people much prefer to be in the office, surrounded by their colleagues. Some will always see it as an opportunity to shirk their duties, as there’s no one around to check-in. But I wouldn’t necessarily rush to write off remote working as a complete no-go for your entire business.
If you do decide to go the software route, then ensure you’re transparent about it and be aware of how it might affect your company culture, as well as the legal obligations you’ll need to fulfil.
Just remember that X hours in front of the screen does not equal X hours of productive work. Yes, these shiny new tools that take photos of employees at their laptop and track their GPS location, are great but they alone cannot paint a true picture. Arguably, working hours aren’t the most important thing, it’s the output of those hours. You need to identify meaningful KPIs and regularly track these to really assess an employee’s contribution to the business. A slightly extended lunch or an extra short coffee break in the afternoon might not be the end of the world if the work is still being done.
It’s all about balance at the end of the day.
Do you have a question for QuoStar?
Struggling with strategy? Confused by the cloud? In the dark about IT investment? Drop us a message below for the chance to feature in the next QuoStar Q&A*
*All submitted questions are kept completely anonymous if featured in the series.
Many businesses simply were not equipped for full-scale remote working and, with little time to prepare, it’s understandable why some had to piece together partial solutions just to get everyone set-up and working. However, with large numbers reporting that they’d like to retain some element of remote working and business reaping the benefits (without seeing huge downturns in productivity), it seems this trend could be here to stay for the long term.
To ensure remote working doesn’t put the business at risk, from a security and operational standpoint, IT Managers should begin to review policies and procedures in this area. While things may have worked ‘fine’ in the context of a pandemic, there are likely some gaps that need to be addressed in order to optimise remote working, improving the process for employees and the business alike.
How to support remote workers in 2020 and beyond
1. Complete network visibility
IT Managers must be able to confirm who is working remotely, which devices are being used and which critical applications are being accessed, so they can ensure the business remains secure. This is particularly important where employees are connecting to a VPN.
2. Understand the end user’s perspective
In order to improve the digital experience for employees, IT Managers need to ensure they have the tools and technology in place to identify, assess and resolves issues as they happen. Implementing a monitoring platform that can collect real-time, accurate data from end-users’ devices would allow IT teams to promptly identify issues and prevent issues before they arise. In the case where the issue points to a larger problem across the network, it also gives IT teams a chance to issue a resolution before it affects others.
3. Be proactive
Just responding to IT requests or issues in a timely manner is no longer enough. IT teams need to operate in a proactive manner in order to reduce productivity losses. Implementing a monitoring platform which collects accurate, real-time data from employees’ devices, web browsers and collaboration tools, will help IT Managers identify potential issues and address them before they cause pain.
4. Help end-users to help themselves
IT teams can often find themselves stretched thin, trying to resolve issues for on-premise and remote workers. By utilising the right engagement and automation tools, IT Managers can empower end-users to resolve common problems themselves by implementing a self-help system. This may include creating troubleshooting guides for low-level, recurrent issues, utilising Microsoft Teams bots like FAQ Plus and Quick Responses or encouraging remote workers to log IT issues with certain information so they can be resolved more efficiently.
5. Promote collaboration tools
Collaboration tools have seen huge uptakes as employees look for ways to maintain effective communication across the business. Microsoft Teams alone reported a 70% increase, with active daily user numbers jumping to more 75 million. The performance of these tools is tied largely to the performance of the local device and network, which the IT team has less visibility in a remote working environment. So, in order to be able to provide sufficient support and seamless collaboration experience for end-users, IT Managers should consider solutions which will give them the level of visibility they need.
6. Address shadow IT
When it comes to remote workers, security is often one of the biggest challenges for IT Managers. Away from the office, employees can wind up using their personal devices to conduct business or start accessing personal applications (such as instant messaging, streaming services and cloud storage) from their work device.
It’s critical that the IT team take steps to address this, but at the same time, they should also seek to understand why employees are using these tools instead of company authorised ones. Is it a case that they don’t know the tool is available? They don’t know how it works? Or it doesn’t have the features and functionality they require?
7. Ensure regular communication
One of the most oft-cited downsides of remote working is isolation. It’s important that lines of communication are kept open so remote workers still feel part of the business. To ensure remote workers are receiving the support they need, IT Managers should consider using engaging feedback tools such as email surveys and polls.
Microsoft Teams comes with several personal apps, bots and connectors which IT Managers could utilise to manage the feedback process. Microsoft Forms, which allows users to easily create survey, quizzes and polls, and Polly, which gathers real-time insights with simple polls, are just two examples of the tools available.
8. Implement training and educate employees
Many employees have needed to quickly adopt new collaboration tools in order to effectively work from home. While they may have gotten used to them, having to learn how to use tools ‘on the fly’ probably means they’re probably missing out on features which could significantly improve their day to day activity, productivity and efficiency.
Training will also help strengthen security parameters by ensuring employees are aware of the types of attack, how they should respond and how their actions could affect the business. There was a big uptick in the number of cyber-security attacks during the first wave of the pandemic, but generally, the landscape changes so regular security training for end-users should be carried out on a regular basis.
The switch to remote working happened at incredibly short notice for most companies. What typically would require months of planning, pilot tests and stress tests to successfully rollout simply had to happen there and then, and this has likely created a lot of new challenges for IT departments.
It seems that it might still be some time from businesses can have their entire workforce back in the office at once – if they even wish to revert to that – but there are steps IT managers can take now to improve the remote working experience.
With employees more reliant on technology than ever before, IT teams need to ensure they have effective communications channels in place to understand and address the needs to end-users. A proactive, security-first approach will not only improve the user experience but also help prevent remote working from posing a risk to the business.
Join the IT Leaders’ Community
Are you an IT pro looking to keep up to date with the latest technology news, get a first look at product releases and upgrades, and engage with like-minded peers?
Join the IT Leaders’ Forum for exclusive content, downloadable assets and exclusive invites to free events with top-tier tech partners.
Flexible working is slowly becoming more common in the legal sector, with numerous firms announcing plans to implement the practice in the last few months or, at the very least, exploring the idea.
This increase is a response to numerous issues affecting law firms, whether it’s improving work/life balance for employees, the challenge of having global teams in different time zones, or in response to escalating rental costs – a particular concern for London-based firms, many of whom are starting to move out of the city.
We are also seeing a good number of start-up and boutique firms using quite advanced technologies to work from home or hot desk, giving them much better profit margins than their larger competitors. There’s no real reason why firms cannot increase the availability of flexible working.
The Benefits of Flexible Working
Flexible working can take many forms – part-time working, term-time working, home-working, compressed work, flexitime or hot-desking are all possibilities to explore. The practice can bring many benefits to a firm, among them including:
1. The ability to hold on to valuable staff
For example, those who need to work part-time in order to balance work and family life.
2. Reduced levels of sick leave
Employees will feel less run down due to a better work/life balance. Alternatively, they will no longer have to take sick leave in order to meet other personal commitments.
3. Increased employee morale, engagement and commitment to the firm
Staff will feel taken care of and have the flexibility to meet personal obligations and life responsibilities.
4. Improved productivity
Staff can work when they feel they can accomplish most and feel freshest – depending on the flexible work schedule adopted.
5. Greater talent pool to recruit from
It develops an image as an employer of choice, e.g. family-friendly, modern etc. Many workers these days, particularly graduates, have higher expectations and view flexible working as the norm.
6. Faster response time
Business decisions today can be made or lost in a matter of minutes. Having employees who can work from anywhere, at any times, means firms can be more responsive.
7. Reduced overheads
Flexible working initiatives like hot-desking have the potential to save money in terms of office space. For some firms, it’s unnecessary for every member of staff to have a fixed desk, and it’s a waste to pay for an empty desk.
Some firms implementing or exploring flexible working:
Herbert Smith Freehills
The firm has had a flexible working agreement since 2012, but in August announced plans to implement agile working across all its London based practice groups following a successful three-month trial. A number of partners and fee-earners were invited to work from home up to one day per week. The majority of those involved gave positive feedback; 89% reported improved work-life balance; 75% said flexible working improved their productivity and only 3% experienced negative responses.
The firm launched a “warm-desking” pilot in August, which is set to run for two months. The move is partly a response to a need to look for new premises in the city within the next three years.
In February, the firm announced that it was offering a flexible working program for all its London staff as it consolidates its two offices into one. BLM said they have invested heavily in technology to make flexible working simple and achievable.
The key to achieving the benefits of flexible working is implementation. Technology, of course, is important but also easy. Any IT department should be able to enable employees to work in the same manner, whether they’re in the office or not, without effort. A vast array of technologies and readily available Internet connectivity make it easy to collaborate in and out of the firm.
There are however also other softer elements to consider. Personality types, organisation and culture can all determine whether flexible working is a possibility for your firm. Overall you should focus on the business requirements first and foremost.
Both hailed as the future of working and criticised as the destroyer of efficiency, is remote working for every firm?
Remote working has existed since communications have been available to the roaming and remote worker. It has been pushed and pulled by enterprises of all sizes, and it has been claimed as the future of working and also criticised as the destroyer of productivity and culture. So, what should a firm consider before deciding whether to implement remote working?
Some people work best in a team or around other people, some work better alone and others work best in a mix. Most employees exist on this spectrum or as an outlier requiring either space to think or a strong social environment to nurture and drive them on. It is important to ensure you cater for all personality types for in whatever environment a firm chooses, as this will save money and HR headaches.
Often, when a key employee is not present during a meeting but is left to communicate via email and telephone platforms, so without face-to-face interaction, the meeting either comes to nothing. Or at least the employee is not as effective as they would have been had they been present. It is vital to consider how these issues will affect productivity and team working. Again, this will vary from person to person, role to role, business to business, but getting the environment right is critical.
Face-to-face video conferencing is the next best medium for communications. Nowadays, it is straightforward to talk face to face virtually and to collaborate via screen and application sharing through systems such as Microsoft Lync. Obviously, some of the dynamics are missed, but some virtual presence (telepresence) systems at the top end of the market provided by companies such as Polycom and Tandberg are impressive. Of course, the price points vary significantly, so mapping technologies to their correct applications are crucial.
Managing and operating in a remote working environment is far from straightforward. The process can easily feel disconnected, since, for example, it’s impossible to round people into a meeting room, grab a working lunch, etc. Calendars become king and can also become saturated. People can disconnect as you lose some of the natural connections that occur between a team located in the same office..
Many firms bring their people together regularly to ensure team build bonds and align. With the best will in the world, it is impossible to get the best teams without them ever meeting in person. Of course, you can build trust from a capability perspective without a physical meeting. However, the bonding and softer side of relationships, the part that will give a team an edge, need that investment.
Apart from the get-together, it is possible to enhance the culture by creating virtual collaboration and social environments. Many businesses are using Yammer to fulfil this requirement, and much more. In essence, this is a private social network for businesses. SharePoint can help in this area, but it requires a little more work. Employees can post in forums, chat, upload photos, just like Facebook, except the focus is on the working environment. These tools do enhance and develop a culture, not merely for the remote working teams.
Striking a balance
If an organisation really plans its remote working strategy these can work just as well or arguably better than an ‘everyone in the office’ scenario. However, it is vital to think all aspects through properly, beyond merely implementing technology for remote access. You need to consider many factors, and not giving them due time will result in little gain, or even cause damage. Those who take remote working seriously will grow a better business with happier employees while increasing productivity and reducing costs. The potentials are too big to ignore. Technologies and people have advanced beyond recognition from the days of dialling in to pick up email or even using the trusty (slow) VPN.
Your organisation probably already has remote working in some form. Is it really delivering to its full potential? Could it be more effective? Could it improve the firm’s culture?
Remote working has been around since communications have been available to the roaming and remote worker, in general terms. It’s been pushed and pulled by small, medium and large-sized enterprises. It’s been claimed as the future of working and also criticised as the destroyer of efficiency and culture. But there’s one important question that has to be asked:
Why do the claims about remote working vary so much?
It’s quite simple, there are so many variables. You cannot simply implement remote working and claim success. It doesn’t work for every individual, every work-type, or every operation. Can it work for them all? Well in theory – no. Can it work for a business in general if implemented correctly – generally yes. It can, however, be a lot of work to deliver results on the bottom line. If you aren’t working for results on the bottom-line then what’s the point? That should be the primary focus, a strategic focus that requires top-level support.
There is no doubt that technology now allows the worker to access IT systems in exactly the same manner as if they were in the office, generally without exception. They also have all the communications at their fingertips, such as the same telephone extension, video conferencing, instant messaging and internal social media platforms. Is that enough though?
It’s not enough to just have someone available to work remotely. You need to ensure that the culture and the business operations and processes support that model. Yes, it’s possible, but it’s really not easy. By nature, we are social animals and work collectively to accomplish tasks, so actually, it’s against our nature. Does that mean it can’t work? No. It’s just not as simple as pushing out technology and saying ‘go ahead and be productive’.
What factors make it work?
Typically the main elements to focus on are technology, personality, communication, organisation and culture. I’ve worked with hundreds of companies as well as running on my own, so I know it’s not easy to get it right. In reality, it’s impossible to make it work across the board, however, with the analysis you can understand what will and what will not work. I can, however, tell you one thing – it does not work in all environments. So, let’s look at the core elements I’ve seen. Do remember that I’m talking in general terms here.
Technology is easy. Don’t spend time worrying about this side of things in terms of your remote working. Any IT department or firm should be able to enable your staff to work in the same manner that they do in the office, without hindrance, without effort and without huge costs. The technologies are robust, secure and proven – the sums will stack up if the business case does. There are however new systems and technologies that will enhance remote working, such as private social networking, but they are only applicable when the strategic thinking has been done. Don’t focus on the technology, focus on your business requirements first. Any decisions led by technology will not deliver anywhere near the impact compared to a strategic decision made by a clear business case.
Some people work best in a team or around other people, some work better alone, and some work best in a mix. Those who work best in a mix are typically those who have a mix of work, i.e. when planning or managing projects they are better thinking alone. However when working on delivery, actually working in the team (which many do) they are best being in the office as this supports their planning, management and their delivery. These characters will often need some flexibility and giving them the option of flexible and remote working could certainly deliver positive results for your business.
You also get those who work best alone. You’ll often find that lawyers, developers, and project managers often work very well whilst away from the distractions of the office, or simply because at times their personality or working style suits it. They’ll typically adapt very well to total remote working or with the odd day in the office per week or per month.
Some people are social animals and need an office environment to work productively as they thrive when working with people. If you put them at home or in a serviced office alone you could quite easily find productivity loss or total loss of that employee.
Always think of the people and the teams when planning your strategy around remote working. This will save you both money and HR headaches.
General communications from an IT systems perspective should not be an issue, nor should the general communication systems, i.e. telephone, instant messaging, etc. The issue comes more on the personal level, i.e. meetings, team chat, etc. There are a plethora of solutions to enhance these areas, but they require planning and consideration. If you don’t have face to face communication with a team then you can miss visual clues, which can lead to unnecessary issues.
You will find on a simple level, take a key employee into a different room in a key meeting and let them communicate via email and telephone platforms without the face-to-face things fall apart, or at least they are not as effective as if they were in the room. You need to think about how these issues will impact productivity and team-working. Again, it varies from person to person, role to role, business to business. Getting the environment right is critical.
Face to face video conferencing is the next best medium for communications. It’s pretty straightforward to chat and collaborate via a screen with systems such as Microsoft Lync. You do obviously miss some of the dynamics, but there are some telepresence systems at the top end of the market which are impressive. Obviously, the price points vary hugely, so mapping technologies to their correct applications is crucial.
The frequency of communications is also key when managing or working in a remote working environment. It’s essential to hold regular meetings to keep the teams operating as a team. It’s too easy over time for people to drift into a virtual cave. When they get to this place it’s hard to get them out of it and this can damage productivity. You also risk them becoming disjointed from the business and risk them moving on.
Managing and operating in a remote working environment can be like herding cats at times. You can just feel disconnected and frustrated, you can’t just grab everyone needed and stroll into a meeting room, grab a working lunch, etc. Calendars become king and can also become full of noise if you are not careful. You can get people disconnecting, rather than connecting as you don’t get some of the natural corrections that occur between a team located in the same office.
Technology helps with some of the organising and holding together of teams but only if it’s mapped correctly to the operations effectively. It’s also crucial that the company’s policies and processes are clearly documented, understood and accessible. Typically IT systems will assist in the organisation of teams, such as the standard Microsoft Office suite and Microsoft SharePoint. Again, the key is to design and configure these systems correctly to ensure they enable teams. All information needs to be simple and fast to view, edit and collaborate on. It’s all about giving the teams deep vision and a central anchor point to their day to day operations. If they all work from a single pane it’s much easier to ensure that they are aligned and effective.
As we all know, culture is critical to the success of modern businesses, but it is even more important when managing and working with remote workers and teams. It needs deeper planning and carefully nurturing to really work. We are social animals at heart, so forming bonds with others and loyalty to the firm is essential.
Many firms bring their people together regularly or at least once a year to ensure that bonds are built and teams aligned. With the best will in the world, you can’t get the best teams without them ever touching-the-flesh. Sure, you can build trust from a capability perspective without meeting physically, but the bonding and softer side of relationships, the part that will give a team an edge needs that investment.
It’s also possible to enhance the culture by creating virtual social environments. Many businesses are using Yammer to fulfil this requirement. In essence, it’s a private social network for businesses. You can have employees post in forums, chat, upload photos, just like Facebook, except it’s focused on the working environment. These tools really do enhance and develop a culture, not just for the remote working teams.
Aside from technology, regular team and one-to-one calls or video conferences can help. They should be scheduled in though. If they aren’t, communications, relationships and productivity can drop off. They shouldn’t be just focused on work though. You should also facilitate discussions around people’s personal lives to build bonds. It will feel a little awkward at first but over time the team will get to know each other.
If you really think and plan your remote working strategy and operations it can work just as well, or arguably better than an ‘everyone in the office’ scenario. However, it really does need the thought, beyond simply implementing technology for remote access. As you can see there are so many factors to consider, not giving them due time will give you little or no gain, perhaps even causing your firm damage. If you do it right you will certainly grow a better business with happier employees, whilst increasing productivity and reducing costs. The potentials are too big to ignore, and we are operating in a new age. Technology has advanced beyond recognition from the days of dialling in to pick up email or even using the trusty (slow) VPN.
You probably already have remote working in some sense. Is it really delivering to its full potential? Could it be more effective? Could it improve your culture?
“Without sufficient preparation, flexible working can become a headache for both management and IT. Having employees spending increasing amounts of time working at different locations and on different devices can make it very difficult to keep track of efficiency, productivity and behaviour, which is why it’s so important to get the right systems and processes in place early, to ensure the smooth conduct of business remains unaltered.”
A few points to bear in mind when considering the implications of the new rules:
1. Think about your business objectives
What is the company trying to achieve in terms of its communications, operations and workflows? How much of this is effective and available remotely, and how much can you move online without disruption? Any systems or processes left behind may be out of bounds to some flexible workers.
2. Map the technology to the business
Any technology solution you choose must suit the business, not the other way around. However, all of your main IT requirements – service delivery, cloud, storage, network connectivity and security – will change as workers move off-site. For example, there’s a chance your cloud platforms or internet connectivity may not support flexible working in the way you expect.
3. It’s not business as usual
. Flexible workers will spend more time working alone – and will often demonstrate better productivity and quality as a result. However, they may also lack the motivation and morale that a communal working environment encourages. Simple collaboration tools, such as Lync and SharePoint can be employed to ensure everyone’s still a part of the team and gets the same overview of important information.
4. Infrastructure isn’t just about IT
The way employees communicate is unique to every office and seldom set in stone. For remote or flexible workers, a desk catch-up may become a conference call, which could create a demand for additional conference lines.
5. Review security
The threat landscape will multiply very quickly once you introduce personal devices, dual-purpose devices and multiple locations. Make sure to have an expert analyse the specific security controls that will be needed to protect against these and other threats.
6. Think about productivity
It’s easy to think that you can create a remote working solution on a shoe string. However, make a point of understanding the real impact of any cost-to-value decision for the longer term. Not all employees suit to home working, so how will you manage them and ensure they are being productive? IT systems can help, but you need clear policies that the IT will be monitoring and be enforcing. Also, don’t forget that some people and areas may require training.
7. Test it
It’s essential to test all systems to make sure flexible workers have access to the same tools as office-based workers. You can test virtually everything beforehand and failure to do so can have serious implications.
Rutherford adds: “Depending on the nature of the business, flexible working can, and often does provide a number of advantages in terms of both productivity and costs. However, both the IT and management landscape will change significantly. The sooner the business understands those changes the less likely it will face a crisis.”