COVID-19 and the home office balancing cyber security and productivity

Summary

• Stricter IT security standards for staff working from home can have a negative impact on productivity.
• The main reasons staff cite for not being able to work efficiently from home are lack of access to important data and restrictions on using a home printer to print work documents.
• Companies need to invest in better know-how, resources, capacity and staff training and awareness raising tools.

The 2020 Deloitte survey on the impact of COVID-19 revealed the greater risk of cyber crime faced by employees working from their home office in last spring’s lengthy lockdown. Inadequate technological infrastructure and insufficient cyber and data security were the main reasons identified. Since the start of the COVID-19 pandemic, employees have noticed an increase in fraudulent emails, phishing attempts and spam in their corporate email accounts. Many companies have responded by closing gaps in security, remedying shortcomings in their IT infrastructure, and adapting their IT security measures and rules to the new threats. However, one of the consequences of bringing IT security standards for those working at home into line with those for the physical workplace has been to make staff less productive. The latest Deloitte survey (February 2021), which surveyed 2,000 working-age people on cyber security when working from home or remotely, explores these issues.

IT security measures hamper efficiency

The overwhelming majority of respondents (81%) report that they are still able to work efficiently from home, but the remaining 19% believe that (new) IT security measures and rules are hampering their productivity. That figure is twice as high as in the 2020 survey (see Chart 1).

Companies can counter this trend by regularly reviewing, testing and enhancing their IT infrastructure and security measures. Simplifying and standardising rules and guidance could also help. Meanwhile, more targeted training may help improve productivity.

Respondents are more likely than last year to cite two particular reasons for being unable to work efficiently from home: “I have no access to important data” (32% of respondents) and “I am not allowed to use my own printer to print work documents” (24%) (see Chart 2). By contrast, fewer respondents than last year report a poor VPN connection (22%) and limitations on videoconferencing tools (18%) as the main reasons for being unable to work efficiently.

Since the start of the pandemic, companies have prioritised investment in these two areas as part of efforts to boost digital working. However, they need to focus more on safe, secure and non-intrusive IT security measures for employees accessing corporate data and solve the problem of restrictions on the use of home printers.

Better training on working safely and efficiently in the home office

Alongside IT security arrangements and rules, however, employees themselves are a further reason why working in the home office may be less efficient: many lack the skills to make professional use of new technologies and tools in the work context. Two-fifths of all respondents (42%) report that their employer has never provided security training or awareness raising measures on working securely from home (see Chart 3).

The switch to remote working during the lockdown was intended to ensure that employees were able to continue to work and collaborate. However, companies probably attached a higher priority to the rapid introduction of new technologies than to comprehensive security training.

Many companies therefore have some catching up to do and need to invest in know-how, resources, capacity, and tools for staff training and awareness raising. Regular training should include the full range of issues related to cyber security, including malware, phishing, username and password management, data protection, encryption, home network security, network connectivity (VPN) and endpoint security – and employees’ knowledge needs to be kept up to date.

Employees also need to familiarise themselves regularly with rules and guidance on handling confidential data, including the penalties they may face for making improper use of data. As in the 2020 survey, a quarter of all respondents (24%) report being tempted to keep copies of valuable company data in case “the worst comes to the worst” – that is, they lose their job or the company becomes insolvent. Ongoing prevention, information and training are essential to minimising internal cyber risks of this kind and preventing the loss of valuable corporate data and intellectual property (IP).