Woman with smartphone and calculator wearing face protective medical mask remote working from home

Are Businesses Coercing Staff Back Into the Office With Extreme Cybersecurity Claims?

In the first few months of the pandemic, cloud-based cybersecurity attacks increased by 630% with attackers making the most of the vulnerabilities of a rushed effort for staff to work from home. However, shock-worthy statistics like this don’t paint a clear picture of the cybersecurity realities of remote working. The truth is that 44% of employers didn’t provide any cybersecurity training to staff when the pandemic hit, and 66% of employers didn’t even go to the effort of providing antivirus software for their workforce, which would be considered a bottom-line essential in the office.

Recent media coverage has been fixated on the voices of business owners concerned over the risks of remote working, with cybersecurity claims central to the debate. Yet amongst all of the noise, there has been little discussion of how these risks weigh up against the wellbeing benefits of remote working. Considering employees are the core of all workplace success, staff welfare is an integral part of the debate that is currently being underrepresented.

With so many businesses eager for a full return to the office, the often misunderstood complexities of cybersecurity are an ideal scapegoat for employers desperate to see the end of remote working.

Why are some employers so against staff working from home?

For remote working to be a mutual success, trust is integral to the relationship between employers and their staff working from home. Understandably, businesses that were very watchful of their employees in the office were stuck with the biggest loss of power during the WFH shift. However, according to the latest coronavirus and homeworking figures released from the Office of National Statistics, although one-third of employees completed fewer hours of work at home, an equal amount completed more, so there’s no strong evidence that employees work less from home.

Google recently made a statement declaring that they think office-working is essential to sustaining their company culture, but that might not be as transparent a statement as it first seems. With 45% of workers saying remote working has greatly benefited their health and wellbeing, surely this is evidence that the pros of working from home outweigh the sacrifice of good in-office company culture.

It’s at this point that the line of company intent becomes blurred. The power dynamic of a business is compromised when employees are comfortable working at home and can escape intimidating people or situations easier, which is a threat to the hierarchy of a lot of companies and a relief for many workers. For businesses that don’t have the ‘fun’ culture reputation of Google, it is a lot more concrete to rely on cybersecurity concerns as a mask for their true discomfort about their staff working from home. It is much harder for staff to push back on the evidence of security risks compared to subjective company statements about the benefits of office culture.

To what extent can companies blame employees for cybersecurity attacks?

Although it is undeniable that the pandemic has seen a significant increase in phishing attempts and cybersecurity threats, it would be unfair to say this increase is a result of employees switching to home working entirely. The increase in phishing attacks is more indicative of scammers resorting to cybercrime as a result of them spending more time at home and becoming more desperate for extra income as opposed to ‘failures’ of staff working from home. Of course, the unprecedented and rushed transition to working from home at the start of the first lockdown meant that there were a lot of vulnerabilities for both businesses and individuals. In such unprecedented circumstances, this was to be expected, but those vulnerabilities would have never existed in a situation where businesses had sufficient time to plan and prepare for a secure transition to remote working.

The bottom line is that if employers are concerned about the security of their employees working from home then there’s plenty of precautions they can take, none of which require forcing employees back into the office based on cyber risks alone. If an employer is concerned about the security of their staff’s and company’s data then it is unfair to allude employees to believe that they will be ‘safer’ back in an office environment, especially if staff are comfortable and happy working from home.

What can businesses do to prevent cybersecurity attacks?

If an employer is doing the most that they possibly can to protect their employees working from home then the cybersecurity risk of remote working should pose no greater threat than in the office.

The best precaution companies can take for protecting staff is providing them with a company laptop or desktop that has remote access security controls installed, with two-factor authentication as a minimum. It is unfair for a business to express their concerns over the risks of staff working from their personal devices without providing them with an alternative. If employers have the resources for staff in the office then they should have the quantity to provide for staff working remotely.

But for businesses that have gone to the effort of providing business devices for their staff, a Remote Access VPN should be installed to ensure secure remote access to the company network, which if installed correctly will make the remote working environment just as safe as the office.

Because these measures are so effective and attainable, it is easy to spot potential evidence of coercion from employers. For example, if businesses are encouraging employees to use cloud-based software but then voicing concerns over hybrid-working then it would suggest their concerns go beyond cybersecurity as cloud-based software has the same vulnerabilities wherever staff are working from.

How to recognise potential coercion attempts

The point of this discussion is not to invalidate the cybersecurity concerns of employers. The rise in cybersecurity attacks and threats are real, and it is of the utmost importance that businesses are vigilant, skeptical and take immediate action. However, unless a business is taking every precaution possible to ensure safe remote working for their workforce then they shouldn’t be telling happy and healthy remote workers to come into the office solely over cybersecurity concerns.

If employees’ mental and physical welfare is better when they have the ability to work from home then it is unfair to use cybersecurity as a scapegoat for a full return to the office, and if that’s what a business is doing then there is likely an alterer motive at play.