Skip to main content
White Paper

After COVID-19: Cyber and the coming remote work revolution

Cyber Risk Management|Financial, Executive and Professional Risks (FINEX)
N/A

By Tom Finan | June 10, 2020

In this article, we discuss the impact to cybersecurity in the context of more employees working remotely from home.

It is already clear that when the United States emerges from the COVID-19 pandemic, cybersecurity will never be the same. The reason? People. While companies have traditionally extended work-from-home privileges to only select individuals, they soon will find themselves in a world where remote work is the expected employee norm. Cybercriminals will adjust their tactics accordingly. Hackers are already shifting their targets from relatively well-defended corporate environments to home offices and other offsite locations that lack similarly strong protections. The recent surge in phishing attacks aimed at quarantined remote workers is just one sign of this impending change.

Three trends are emerging around where and how work will be performed post-pandemic. Each of the following will alter the cyber risk management landscape forever:

  • A vastly larger population of remote workers permanently expanding the attack surface, a phenomenon that will require new ways of prioritizing and mitigating cyber risk
  • Companies responding by turning their attention to the human element of the problem and building more robust cyber risk cultures to ensure resilience from disasters
  • HR leaders rising as essential cybersecurity players and joining forces with their Chief Information Security Officer (CISO) colleagues

Companies that fail to embrace this changing reality may face increased exposure to damaging cyber incidents. Injured parties, counsel and courts may come to recognize human-caused cyber incidents as largely avoidable and – in many cases – negligent. Insurance underwriters may be similarly unsparing when assessing client suitability for cyber and other critical lines of insurance. To protect themselves, companies should start now with building and funding the people-focused cyber risk management strategies they’ll need to avoid major financial, legal and reputational loss.

COVID-19 as turbocharger

The speed race is on

Prior to the pandemic, experts estimated that 3.6% of American employees worked from home at least two to three days a week, defined as “full time” for statistical purposes.1 That figure represents about five million people. As the country comes out of COVID-19, those same experts estimate that that percentage will skyrocket to as much as 30% by the end of 2021 – a 733% increase.2 This shocking jump represents almost 42 million people, just under a third of the American workforce, who will be working full time from home all the time.3

This massive sea change cannot be overstated. It took 15 years – from 2005 to 2020 – for the number of full-time work-from-home employees to expand from three and a half million to five million people.4 That’s a growth rate of about 2.86%, year over year. By contrast, COVID-19 will explode the current number more than eightfold – a growth rate of about 493% – in just eighteen months. In short, the pandemic will accelerate what had been a gradual but growing shift toward remote work acceptance into a high stakes speed race.

According to Willis Towers Watson’s latest cyber claims data, 63% of cyber incidents are caused directly by employees – through accidental disclosure, social engineering scams, inadvertent ransomware infection and even malicious intentional behavior. The lack of direct physical oversight over remote employees only compounds these problems. Without effective cyber risk controls that address the human element, companies are at serious risk of crashing and burning as their work-from-home populations expand rapidly. To avoid this fate, they must engage their remote teams and develop sustained approaches to changing cyber attitudes and behaviors for the better. 

From first gear to full throttle

Employee enthusiasm for remote work had been very high even prior to the arrival of COVID-19. In a 2019 survey, 99% of employees responded that they would like to work remotely, at least part of the time, for the remainder of their careers.5 They cited elimination of commutes, greater work schedule flexibility, increased personal and family time, and better work-life balance as key reasons.6 Among employees already working from home, moreover, 80% reported reduced stress levels and improved overall health.7 Remote work also saved employees money – ranging from $2,000 to $7,000 a year on average – in spend areas such as commuting, clothing, food and child care.8

On the flip side, many employers welcomed the 13% increased productivity among remote workers compared to their in-office counterparts.9 They likewise appreciated the improved morale, increased employee loyalty and higher retention rates fostered by work-from-home arrangements.10 Employers also cited the considerable cost savings resulting from the diminished need for physical office space as a major benefit.11

The pandemic has and will continue to put these existing trends on steroids. Five factors will speed the rapid change we have already started to see across the American economy:

  • Demand for work from home will increase among employees who – although experiencing it through challenging circumstances – now have had a taste of “what could be.”12
  • Managers will overcome prior fears about impaired collaboration and lower productivity among remote workers. Having undergone lockdown themselves, they increasingly will trust those workers and provide them with the virtual tools they need to get the job done.13
  • Shareholders will not soon forget pandemic-caused business disruptions and will press companies to continue work-from-home arrangements to ensure future disaster preparedness.14
  • Employers will have overwhelming evidence of how inefficiently they’ve used office space in the past and will maximize cost-saving opportunities through greater reliance on work-from-home.15
  • Executives will seek further cost reductions by limiting business travel to situations where return on investment justifies face-to-face client meetings. Virtual meetings – from home – will rule the day.16

Willie Sutton and cyber risk culture

Where the money is

While the new work-from-home normal may drive numerous efficiencies and other business benefits, it also may bring a rash of new cyber risk management challenges. When asked by a reporter why he robbed banks, the infamous early 20th century gunslinger, Willie Sutton, was purported to have responded, “Because that’s where the money is.” Today is no different. Companies across every industry sector hold vast amounts of confidential financial and personal data – as well as intellectual property – that are a modern day Willie Sutton’s dream. Unlike old Willie, however, this century’s cybercriminals don’t menacingly brandish weapons to terrorize their victims. Instead, their easiest way to a company’s treasure is through its employees.

Over the last several months, hackers have preyed on the public’s palpable COVID-19 fears to spread malware and launch other cyber threat campaigns.17 They’ve recently deployed an onslaught of emails purporting to advertise coronavirus protection and detection techniques but which actually deploy ransomware when opened.18 Cybercriminals have ramped up their efforts against remote workers especially because they know many are working from home for the first time – often with less-than-secure network connections, even less secure hardware, and inadequate IT support.19 They also know remote work comes with a slew of family, household and other distractions that contribute to higher email click rates and, by extension, higher rates of cyber infection.20 The hundreds of millions of new remote workers that make up this expanded attack surface represent attractive targets and easy routes into corporate systems.21

Although cybersecurity technologies will evolve to help fix these deficiencies, they undoubtedly may fall short of addressing the human element of cyber risk. Finding ways to meaningfully engage remote workers through more robust cyber risk cultures is an essential next step toward stopping current cybercriminal momentum in its tracks.

Areas to improve

As claims data shows, effective cyber risk prevention and mitigation is largely a people problem. In response, companies need to assess and analyze the elements of their cultures that shape both positive and negative cyber attitudes and behaviors. To that end, Willis Towers Watson researchers are well-versed in all aspects of employee experience. After exhaustive study and analysis, they’ve identified four cultural indicators of higher-than-average cyber risk: lack of customer focus, poor adaptability, low empowerment and inadequate training and compensation.22 With the permanent work-from-home population expected to jump 733% by the end of 2021, companies should start reexamining their existing human capital investments now to ensure they squarely address these challenge areas.

Lack of customer focus

Employees in breached companies report less emphasis on the customer, slower responsiveness to customer needs and fewer proactive efforts to gather and act on customer feedback.23

To address this cyber risk culture shortcoming, remote team managers should adopt strategies that embed “empathy for all.” That means putting employees first through genuine and active caring for their well-being.24 Once employees feel cared for, they extend that care to clients as part of their day-to-day interactions.25

As a starting point, managers should outline a vision that clarifies that remote workers are not anonymous cogs in some machine but instead part of a collaborative team that serves real people and solves real issues.26 To support that vision, managers should schedule regular team calls.27 Those calls should be used to nurture awareness and discussion about the company, encourage the sharing of personal and professional stories and recognize team members for jobs well done.28 Managers also should host virtual happy hours, lunches and other get-togethers to promote team trust and collaboration.29 At the same time, they should maintain direct lines of communication with individual employees.30 By initiating periodic “check in” calls, managers can foster much needed one-on-one human connection while ensuring that everyone’s voice is heard.31

By modeling these kinds of empathetic behaviors, managers can serve as proactive models for their teams and encourage similar treatment of customers.32 For example, deep listening by a manager could inspire a remote worker to create a virtual client coffee hour focused on current challenges.33 That interaction could lay the foundation for a lasting business relationship.34

Empathetic engagement doesn’t just happen, however. To enable it, managers must ensure their remote teams have access to shared technologies and teleconferencing tools that ensure seamless internal and external communications.35 Managers likewise must commit to using these resources consistently.36

The importance of these technologies and tools to building robust cyber risk cultures cannot be overstated. Employee distraction is one of the biggest contributors to phishing and other human-caused cyber incidents.37 Among employees indicating they work on well-connected teams, rates of moderate to high distraction are only 16 percent compared to 56 percent among those lacking such connections. 38 Managers who build remote team connectedness on an individual, team and infrastructure level therefore bolster cybersecurity not only through enhanced customer focus but also increased attention and dedication to task.

Poor adaptability

Employees in breached companies report their companies lack both speed and flexibility when it comes to decision-making and managing teams.39

To address this cyber risk culture shortcoming, remote team managers should enhance adaptability by focusing on successful outcomes rather than compliance with one-size-fits-all business processes and workflows.40 Stated another way, they should adopt policies that provide remote workers with substantial say in how they structure and schedule their own daily work.41 While managers should have the final word on end products, this practice puts workers in the driver’s seat when it comes to innovating approaches to meet changing customer requirements.42 It also provides the flexibility they need to strike a healthier work-life balance.43

Managers should further promote this kind of autonomy by empowering remote workers to automatically “do the right thing” for customers whenever possible – without the need for executive pre-approval or rigid adherence to drawn out procedures.44 This freedom, informed by a standing set of clear management expectations, makes workers heroes to clients – transforming them from order takers to decision makers.45 With more skin in the game, they naturally work faster, longer and smarter for client benefit.46

Finally, communications in adaptive work environments can’t just be a top-down affair. The old practice of telling employees not to raise issues without proposed solutions is out.47 Managers instead should regularly solicit feedback from their offsite teams to identify emerging pain points early on.48 They then should collaborate with their teams to develop needed fixes.49 In short, managers should go looking for trouble they might otherwise detect unaided in more traditional office settings. They then should be prepared to roll up their sleeves to help.

Low empowerment

Employees in breached companies report lower favorable scores when it comes to empowering staff through communication, respect and support for teamwork.50

To address this cyber risk culture shortcoming, remote team managers should empower workers through “employee voice” strategies. That means regularly encouraging employees to proactively share their concerns, ideas, and suggestions for improving the business.51 Managers can and should mine this information for insight into the customer experience especially – using it as a kind of “smoke alarm” to assess client sentiment and to course correct before opportunities are lost.52 The science is clear: managers who actively encourage their workers to come forward with their views create happier teams, promote more collegiate environments and boost productivity.53

As a starting point, employee voice strategies should include formal mechanisms through which remote employees can share.54 Managers should make it safe to do so by clearly explaining how received information will be protected as they convey it up the reporting chain.55 Anonymized staff surveys – especially those conducted by outside third parties – are particularly effective for this purpose.56 To boost participation, managers should collaborate with those parties on a pre-survey communications strategy that explains why employee perspectives are being sought, who’s being asked to contribute, and what will be done with gained insights.57 The surveys themselves should be distributed in multiple formats to employee cell phones, tablets and other media to make responding easy.58

Surveys, however, are only one part of the empowerment equation. Once remote workers provide their advice, managers must take concrete action – or explain why action is not being taken – so management outreach is not dismissed as mere tokenism.59 Workers rightly will want to know that their insights and opinions are being used to improve the organization and that they will be included in future decision making.60 Once leaders have decided how to proceed, managers should use smaller “pulse” surveys to obtain employee opinions on implementation progress and to solicit input on additional needed changes.

This repeated process of asking, receiving and acting on feedback creates an ongoing sense of employee empowerment.61 If employees understand their viewpoints are taken seriously and see real changes happening, they will continue developing, refining and offering ideas.62 Their frontline insights can significantly enhance both corporate decision making and organizational efficiency.63 This virtuous cycle of improvement can be strengthened, moreover, with additional mechanisms that empower employee voice, which may include the following:

  • Mobile phone apps that facilitate chat functionality, group networking, feedback and two-way dialogue between managers and remote teams.64
  • Standing virtual forums where employees can meet regularly to discuss client needs, business operations and career track and other personnel matters.65
  • Targeted virtual “jams” – impromptu online facilitated events – that focus on specific topics of immediate business concern.66
  • Crowdsourced decision making tools that submit issues to employees for final decision by majority vote.67
  • Designated email addresses and online feedback forms where employees can offer anonymous input.68

Inadequate training and compensation

Employees in breached companies report less adequate training for the work they do – specifically, less opportunity to upskill and advance in role – and a need to better align pay with performance.69

To address this cyber risk culture shortcoming, remote team managers should adopt training and compensation strategies that maximize employee engagement. 

Employee training – otherwise known as “upskilling” – is a win-win that helps managers mold their workers to better meet the demands of the business, changing customer needs and their own career objectives.70 Upskilling helps drive retention, enhances competitiveness and makes companies more attractive to new hires.71

Before building a formal upskilling regime, however, managers need a clear understanding of the foundational knowledge they want all their employees to obtain and over what timeframes.72 That understanding must be developed through regular conversations with offsite workers about their individual training requirements, the company’s business goals and objectives, and how to align both for the good of everyone.73 To make this formal curriculum training “stick,” managers should encourage the use of real-life, role-playing simulations that enable employees to apply their new knowledge immediately.74

Less formal upskilling opportunities are equally important for remote workers.75 So-called “micro-training” is particularly well suited given its accessible format of “bite-sized” education modules shared through short videos.76 Each module is designed to make narrow learning objectives relevant to a particular business.77 Managers providing micro- training should periodically query their teams about what quick hit topics would help them do their jobs better and then build programs around those interest areas.78 By migrating chosen modules to cloud-based learning management systems, managers can track courses completed by each worker, time to completion, tests taken and certificates earned.79

Other organic upskilling options include:

  • Pairing remote team members with other senior colleagues through mentorships and similar job shadowing opportunities.80
  • Leveraging “star talent” to create mission-relevant training and making it available through video meetings, recorded sessions and webinars.81
  • Encouraging the development of remote worker-led education initiatives that facilitate cross-pollination of in-house expertise.82
  • Creating internal and external “learning communities” where employees can freely engage, ask questions and informally exchange information with peers.83

Despite the typically greater flexibility of their schedules, remote workers, like everyone, experience daily time pressures and limitations. It’s up to managers to help them make upskilling a priority. They can do so by allocating paid training time, rewarding employees who upskill and approving seminar and workshop attendance during working hours.84

When it comes to the related issue of pay for performance, work-from-home arrangements present unique challenges. As an initial matter, remote workers should not be penalized inadvertently for their status. Companies in the post-COVID-19 world should review their employee evaluation and promotion criteria to ensure they don’t favor in-office employees.85 For obvious reasons, traditional metrics like face time and hours worked should no longer apply.86 Managers therefore should adopt outcome-focused evaluations that assess the quality and quantity of completed deliverables.87

To make the shift, managers should collaborate with their teams to define boundaries for particular kinds of work – including clear sets of objectives, tasks, and deadlines – and then free employees to decide how to best navigate within them.88 Over time, managers should test these boundary metrics by assigning similar projects to different people on the team.89 In that way, they can compare and contrast performance among similarly situated teammates to determine what constitutes excellent versus mediocre work.90 This insight can then directly inform salary and promotion decisions.

Experts warn, however, that managers should not base remote worker performance evaluations solely on outcomes. They also should focus on behaviors.91 A work-from-home team member might be extraordinarily productive, but they should not be breaking company rules or tearing down colleagues that “stand in their way.”92 Behavior-focused performance measures accordingly could include a person’s level of cooperation on the team, supportiveness, conflict handling, mental stability and other similar benchmarks.93

Given the physical distance that separates managers and their remote teams, moreover, experts recommend that feedback be obtained from a particular employee’s teammates in order to get a truer sense of their performance.94 Managers should make it simple for those colleagues to comply, limiting questions to the kinds of actions an individual should “start, stop, or continue” in order to advance business goals.95 Other experts suggest managers widen the circle even further by gathering 360⁰ feedback from different teams, departments and managers – all of whom may have perspectives on where an employee best fits given his or her demonstrated skills.96 This insight can provide managers with a more complete understanding of the individual’s work performance that in turn can more richly inform the evaluation and promotion process.97

HR’s time to shine

The criticality of these four aspects of employee experience makes clear that cybersecurity should not remain the exclusive domain of CISOs and other technical professionals. HR leaders are the experts in workplace culture. They must join the fight. Fortunately, a growing financial incentive now exists for them to do so.

In 2018, Willis Towers Watson began partnering closely with the Economist publication to take a deeper look at the topic of cyber resilience. The two companies designed a survey centered on a central theme: how are companies positioning themselves so they can best prepare for, respond to and recover quickly from a cyber event?98 Over 450 executives worldwide responded resoundingly: through increased cybersecurity funding across the board. Survey results showed that 73% of corporate boards plan to spend more on cybersecurity in the years ahead.99 Broken down, some 50% of companies plan to spend up to 10% more on cyber, while another 23% plan to spend 11% or more.100

HR leaders will be among the major beneficiaries of this trend. Survey respondents indicated that their companies plan to allocate fully 50% of the increase in cybersecurity spending just on the talent element:

  • 19 percent of the increased spend will be for IT talent acquisition along with cybersecurity skills training and development for those technical professionals.101
  • 16 percent of the increase will go to rewards and incentives designed to encourage employees to do the right “cyber thing” during their day-to-day jobs.102
  • 15 percent of the increase will be for cybersecurity training for all employees – whether they’re technical professionals or not.103

The survey further revealed that companies already are budgeting, on average, 1.7% of their annual revenue on cybersecurity.104 With the anticipated upward trajectory of future cybersecurity investments, a lot of new funding will be headed in the cyber risk culture direction. To get ready, HR leaders should determine now how those incoming resources should be allocated to best address the four aspects of cyber-related employee experience most relevant to their companies.

Conclusion

In the wake of the COVID-19 pandemic, work-from-home arrangements will likely become the norm for a vastly increased number of working Americans. As cybercriminals shift their tactics to profit from this new reality, the need to better manage the human element of cyber risk will come to the forefront like never before. Companies will likely need to build more robust cyber risk cultures that focus especially on the four aspects of employee experience that correlate to higher cyber risk. Those that do so successfully will differentiate themselves substantially from less secure peers. As their reward, they not only will have a strong defense against future claims of cyber negligence but also will likely qualify for cyber insurance coverage on increasingly attractive terms. Remote work is the future. Managing the “people piece” of cyber risk must be, too.


Footnotes

1 Lister, K., 2020. Work-At-Home After COVID-19 – Our Forecast. [online] Global Workplace Analytics. Available at: https://globalworkplaceanalytics.com/work-at-home-after-covid-19-our-forecast [Accessed 1 May 2020].

2 Ibid.

3 Duffin, E., 2020. U.S.: Number Of Full-Time Workers 1990-2019 | Statista. [online] Statista. Available at: https://www.statista.com/statistics/192356/number-of-full-time-employees-in-the-usa-since-1990/ [Accessed 1 May 2020].

4 Flexjobs.com. 2017. Exclusive Insights on the State of Telecommuting | Flexjobs. [online] Available at: https://www.flexjobs.com/2017-State-of-Telecommuting-US/ [Accessed 2 May 2020].

5 Buffer.com. 2019. State Of Remote Work 2019. [online] Available at: https://buffer.com/state-of-remote-work-2019 [Accessed 1 May 2020].

6 Ibid.

7 Owllabs.com. 2019. The State Of Remote Work Report By Owl Labs. [online] Available at: https://www.owllabs.com/state-of-remote-work [Accessed 2 May 2020].

8 Remoters. 2019. Remote Work Trends For 2020: The Present & Future Of Remote Work. [online] Available at: https://remoters.net/remote-work-trends-future-insights/ [Accessed 1 May 2020].

9 Bloom, N., Liang, J., Roberts, J. and Ying, Z., 2014. Does Working from Home Work? Evidence from a Chinese Experiment*. The Quarterly Journal of Economics, [online] 130(1), pp.165-218. Available at: https://www.gsb.stanford.edu/faculty-research/publications/does-working-home-work-evidence-chinese-experiment [Accessed 1 May 2020].

10 Remoters, Remote Work Trends For 2020: The Present & Future Of Remote Work.

11 Ibid.

12 Lister, Work-At-Home After Covid-19 – Our Forecast.

13 Ibid.

14 Ibid.

15 Ibid.

16 Ibid.

17 US-CERT.gov. 2020. COVID-19 Exploited By Malicious Cyber Actors. [online] Available at: https://www.us-cert.gov/ncas/alerts/aa20-099a [Accessed 4 May 2020]; Davies, N., 2020. Are We Ready for a Post-COVID-19 Cybersecurity Landscape? [online] Circleid.com. Available at: http://www.circleid.com/topics/cybersecurity  [Accessed 4 May 2020]; Palmer, D., 2020. Hackers Are Scanning For Vulnerable VPNs In Order To Launch Attacks Against Remote Workers | Zdnet. [online] ZDNet. Available at: https://www.zdnet.com/article/hackers-are-scanning-for-vulnerable-vpns-in-order-to-launch-attacks-against-remote-workers/ [Accessed 4 May 2020].

18 US-CERT.gov, COVID-19 Exploited by Malicious Cyber Actors; Davies, Are We Ready for a Post-COVID-19 Cybersecurity Landscape; Palmer, Hackers Are Scanning For Vulnerable VPNs In Order to Launch Attacks Against Remote Workers.

19 Panda Security Mediacenter. 2020. The Tech Challenges Brought By COVID-19 - Panda Security Mediacenter. [online] Available at: https://www.pandasecurity.com/mediacenter/mobile-news/covid-19-tech-challenges/  [Accessed 8 May 2020]; US-CERT.gov, COVID-19 Exploited by Malicious Cyber Actors; Davies, Are We Ready for a Post-COVID-19 Cybersecurity Landscape; Palmer, Hackers Are Scanning For Vulnerable VPNs In Order to Launch Attacks Against Remote Workers.

20 Six Steps to Boost Email Security for Remote Employees. Securitymagazine.com. (2020). Available at https://www.securitymagazine.com/articles/92390-six-steps-to-boost-email-security-for-remote-employees [Accessed 14 May 2020].

21 McBride, S., 2020. Why The Largest Cyberattack In History Will Happen Within Six Months. [online] Forbes. Available at: https://www.forbes.com/sites/stephenmcbride1/2020/05/14/why-the-largest-cyberattack-in-history-will-happen-within-six-months/#5bd27a50577c   [Accessed 15 May 2020].

22 Kulesa, P., 2019. Diagnosing company culture to mitigate risk. [online] Willis Towers Watson.  Available at: https://www.willistowerswatson.com/en-US/Solutions/products/cyber-risk-culture-survey [Accessed 1 June 2020]. 

23 Ibid.

24 Franz, A., 2020. Council Post: Customer-Centricity: Principles, Practices And Outcomes. [online] Forbes. Available at: https://www.forbes.com/sites/forbescoachescouncil/2020/02/18/customer-centricity-principles-practices-and-outcomes/#65f8f7c716eb [Accessed 5 May 2020].

25 Ibid.

26 Horn, B., 2020. How To Empower And Engage Remote Service Teams. [online] MyCustomer. Available at: https://www.mycustomer.com/service/management/how-to-empower-and-engage-remote-service-teams [Accessed 4 May 2020].

27 Franz, Council Post: Customer-Centricity: Principles, Practices and Outcomes.

28 Ibid.

29 Neeley, T., 2020. 15 Questions About Remote Work, Answered. [online] Harvard Business Review. Available at: https://hbr.org/2020/03/15-questions-about-remote-work-answered [Accessed 1 May 2020].

30 Franz, Council Post: Customer-Centricity: Principles, Practices and Outcomes

31 Ibid.

32 Penn, G., Zenooz, A. and Schwartz, C., 2020. How To Maintain Customer Relationships While Working Remotely. [online] Salesforce Blog. Available at: https://www.salesforce.com/blog/2020/03/remote-customer-relationship-management.html [Accessed 1 May 2020].

33 Ibid.

34 Ibid.

35 Neeley, 15 Questions About Remote Work, Answered.

36 Malcolm, T., 2020. Flexible Work. [online] Willis Towers Watson. Available at: https://www.willistowerswatson.com/en-US/Solutions/services/flexible-work [Accessed 5 May 2020].

37 Phillips, A., Simandl, R., Mark, J., Mathers, R., Wawrzyn, J. and Lovern, S., 2020. COVID-19 &Amp; Cybersecurity – Maintaining Vigilance During The Pandemic. [online] The National Law Review. Available at: https://www.natlawreview.com/article/covid-19-cybersecurity-maintaining-vigilance-during-pandemic [Accessed 18 May 2020]; U.S. Department of Health and Human Services, 2019. HC3 Intelligence Briefing Social Engineering and You. Washington, D.C.: [online] HHS Office of Information Security, available at https://blink.ucsd.edu/_files/technology-tab/security/20191104-HC3_CTI_Social-Engineering-and-You.pdf [Accessed May 18, 2020]; Heather, A., 2017. Infosecurity Europe 2017: Workplace Distraction Is A Major Security Risk, So What Can We Do About It? | Centrify. [online] Centrify. Available at: https://www.centrify.com/blog/workplace-distraction/  [Accessed 18 May 2020].

38 Kulesa, P., 2020. The impact of the coronavirus on employee experience. [online] Willis Towers Watson.  Available at: https://www.willistowerswatson.com/en-us/Insights/2020/05/the-impact-of-the-coronavirus-crisis-on-employee-experience [Accessed 28 May 2020]. 

39 Kulesa, P., 2019. Diagnosing company culture to mitigate risk.

40 Maurer, R., 2020. Remote Work Policies Should Now Stress Flexibility. [online] SHRM. Available at: https://www.shrm.org/hr-today/news/hr-news/pages/remote-work-policies-should-now-stress-flexibility.aspx  [Accessed 5 May 2020].

41 Ibid.

42 Ibid.

43 Gordeman, D., 2020. The New Rules For Remote Work: Pandemic Edition. [online] Harvard Business School. Available at: https://hbswk.hbs.edu/item/the-new-rules-for-remote-work-pandemic-edition [Accessed 5 May 2020].

44 Horn, How To Empower And Engage Remote Service Teams

45 Kunz, N., 2020. How To Empower Your Remote Employees | Divvy. [online] Divvy. Available at: https://getdivvy.com/blog/how-to-empower-your-remote-employees/ [Accessed 5 May 2020].

46 Ibid.

47 Loury, B., 2020. Managing Remote Employees: Best Practices from Doist’s Head of Marketing. [online] Ambition & Balance. Available at: https://doist.com/blog/best-practices-managing-remote-employees/ [Accessed 5 May 2020].

48 Trodella, C., 2020. 4 Ways To Manage Remote Workers When You Don’t Know How Long They’ll Be Working From Home. [online] Fast Company. Available at: https://www.fastcompany.com/90477145/4-ways-to-manage-remote-workers-when-you-dont-know-how-long-theyll-be-working-from-home [Accessed 5 May 2020].

49 Nawaz, S., 2020. How Managers Can Support Remote Employees. [online] Harvard Business Review. Available at: https://hbr.org/2020/04/how-managers-can-support-remote-employees [Accessed 5 May 2020].

50 Kulesa, P., 2019. Diagnosing company culture to mitigate risk.

51 Elsaesser, A., 2016. Engaging Technology To Encourage Employee Voice: Leveraging Surveys To Improve The Workplace - HR.Com. [online] Hr.com. Available at: https://www.hr.com/en/magazines/talent_management_excellence_essentials/july_2016_talent_management/engaging-technology-to-encourage-employee-voice-le_iqn8bt0e.html [Accessed 6 May 2020].

52 Sharp, R., 2018. Breaking The Silence: Employee Voice. [online] Hrmagazine.co.uk. Available at: https://www.hrmagazine.co.uk/article-details/breaking-the-silence-employee-voice [Accessed 6 May 2020].

53 Ibid.

54 Ibid.

55 Sachs, B. and Papay, M., 2020. Cultivating Employee Voice To Enhance Organizational Performance Within Healthcare Organizations. [online] Mgma.com. Available at: https://www.mgma.com/resources/human-resources/cultivating-employee-voice-to-enhance-organization [Accessed 6 May 2020]. 

56 Sharp, Breaking The Silence: Employee Voice; Elsaesser, Engaging Technology To Encourage Employee Voice: Leveraging Surveys To Improve The Workplace.

57 WorkTango Inc. 2020. 2020 Guide To Employee Voice - Worktango Whitepaper. [online] Available at: https://worktango.com/how-to-actively-listen-to-employee-voice-guide/ [Accessed 6 May 2020]. 

58 Ibid.

59 Sharp, Breaking The Silence: Employee Voice.

60 Sachs and Papay, Cultivating Employee Voice To Enhance Organizational Performance Within Healthcare Organizations.

61 WorkTango Inc., 2020 Guide To Employee Voice – Worktango Whitepaper.

62 Benni Team, 2020. How To Give Your Employees A Voice - And Why It Matters | Benni. [online] Benni.co.uk. Available at: https://www.benni.co.uk/blog/how-to-give-your-employees-a-voice [Accessed 6 May 2020]; Colton, B., 2018. Employee Voice. [online] Corpgov.law.harvard.edu. Available at: https://corpgov.law.harvard.edu/2018/09/26/employee-voice/ [Accessed 6 May 2020].

63 Benni Team, How To Give Your Employees A Voice - And Why It Matters; Colton, Employee Voice.

64 Sharp, Breaking the Silence: Employee Voice.

65 Ibid.

66 Feinzig, S., Lesser, E. and Rasch, R., 2015. Amplifying Employee Voice. [online] IBM. Available at: https://www.ibm.com/thought-leadership/institute-business-value/report/employeevoice# [Accessed 6 May 2020].

67 Benni Team, How To Give Your Employees A Voice - And Why It Matters.

68 Kappel, M., 2018. How to Encourage Employee Involvement in Decision Making. [online] Forbes. Available at: https://www.forbes.com/sites/mikekappel/2018/04/04/how-to-encourage-employee-involvement-in-decision-making/#5880cdbe6561 [Accessed 6 May 2020].

69 Kulesa, P., 2019. Diagnosing company culture to mitigate risk.

70 Lorentzen, M., 2019. Why Upskilling With Practical Experience Can Close The Cyber Skills Gap. [online] ITProPortal. Available at: https://www.itproportal.com/features/why-upskilling-with-practical-experience-can-close-the-cyber-skills-gap/ [Accessed 7 May 2020].

71 Keefe, R., 2020. How To Stay Relevant At Work - What Is Upskilling? [online] Toggl Blog. Available at: https://toggl.com/blog/stay-relevant-upskilling  [Accessed 7 May 2020].

72 Lorentzen, M., 2019. Why Upskilling With Practical Experience Can Close The Cyber Skills Gap.

73 Half, R., 2019. 5 Ways to Upskill Your Team and Prepare Them for the Future of Work. [online] Roberthalf.com. Available at: https://www.roberthalf.com/blog/the-future-of-work/5-ways-to-upskill-your-team-and-prepare-them-for-the-future-of-work [Accessed 7 May 2020]; Bave, S., 2018. Four Ways to Upskill Remote Workers. [online] Training Journal. Available at: https://www.trainingjournal.com/articles/features/four-ways-upskill-remote-workers [Accessed 7 May 2020].

74 Korneagay, A., 2018. Creating Training Appropriate To the Role - Training Industry. [online] Training Industry. Available at: https://trainingindustry.com/magazine/jan-feb-2018/creating-training-appropriate-to-the-role/ [Accessed 7 May 2020]; Tolani, K., 2020. 5 Ways to Upskill Employees. [online] The Prediction Index. Available at: https://www.predictiveindex.com/blog/5-ways-to-upskill-employees/ [Accessed 7 May 2020]. 

75 Tolani, 5 Ways to Upskill Employees.

76 Ibid.

77 Ibid.

78 Half, 5 Ways to Upskill Your Team and Prepare Them for the Future of Work.

79 Tolani, 5 Ways to Upskill Employees.

80 Half, 5 Ways to Upskill Your Team and Prepare Them for the Future of Work.

81 Kurter, H., 2020. 4 Budget-Friendly Ways to Upskill Your Newly Remote Workforce During A Crisis. [online] Forbes. Available at: https://www.forbes.com/sites/heidilynnekurter/2020/04/15/4-budget-friendly-ways-to-upskill-your-newly-remote-workforce-during-a-crisis/#1c8f65ba74cf [Accessed 7 May 2020].

82 Half, 5 Ways To Upskill Your Team And Prepare Them For The Future Of Work.

83 Bave, Four Ways To Upskill Remote Workers.

84 Tolani, 5 Ways To Upskill Employees.

85 Greenbaum, Z., 2019. The Future Of Remote Work. [online] https://www.apa.org. Available at: https://www.apa.org/monitor/2019/10/cover-remote-work [Accessed 7 May 2020].

86 Neeley, 15 Questions About Remote Work, Answered; Chen, D., 2020. The Best Ways To Evaluate Remote Employees. [online] ProSky - Learn Skills, Do Projects, Get Hired by Amazing Companies. Available at: https://talkingtalent.prosky.co/articles/the-best-ways-to-evaluate-remote-employees [Accessed 7 May 2020].

87 Neeley, 15 Questions About Remote Work, Answered; Chen, The Best Ways To Evaluate Remote Employees.

88 Chen, The Best Ways To Evaluate Remote Employees; Alton, L., 2017. Are Remote Workers More Productive Than In-Office Workers? [online] Forbes. Available at: https://www.forbes.com/sites/larryalton/2017/03/07/are-remote-workers-more-productive-than-in-office-workers/#24f9c61331f6 [Accessed 7 May 2020].

89 Chen, The Best Ways To Evaluate Remote Employees.

90 Ibid.

91 Ferrazi, K., 2012. Evaluating The Employees You Can’t See. [online] Harvard Business Review. Available at: https://hbr.org/2012/12/evaluating-the-employees-you-c [Accessed 7 May 2020].

92 Ibid.

93 Barth, S., 2017. [online] Krauthammer.com. Available at: https://www.krauthammer.com/pl/publications/blog/evaluating-remote-workers [Accessed 7 May 2020].

94 Bhaduri, A., 2020. Employee Performance Review: How To Evaluate Remote Employees. [online] Engagedly. Available at: <https://engagedly.com/evaluate-remote-employees/> [Accessed 7 May 2020]; Chen, The Best Ways To Evaluate Remote Employees.

95 Chen, The Best Ways To Evaluate Remote Employees.

96 Bhaduri, Employee Performance Review: How To Evaluate Remote Employees.

97 Ibid.

98 2018. How Boards Can Lead The Cyber-Resilient Organisation. [ebook] Willis Towers Watson. Available at: https://eiuperspectives.economist.com/sites/default/files/EIU_WTW%20-%20How%20boards%20can%20lead%20the%20cyber-resilient%20organisation.pdf [Accessed 8 May 2020].

99 Ibid.

100 Ibid.

101 Ibid.

102 Ibid.

103 Ibid.

104 Ibid.

Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed subsidiaries of Willis North America Inc., including Willis Towers Watson Northeast Inc. (in the United States) and Willis Canada, Inc.

Author

FINEX Cyber/E&O

Contact Us