SACINOSS’ “The IT-Think” – Business and Cybersecurity Risks for The Dispersed Workforce

The ongoing COVID-19 pandemic has significantly changed how we live and work. One notable change is the furtherance of workforce dispersion. In other words, organizations have had to react to and manage business activities with a workforce that is more geographically dispersed than ever before. Prior to the pandemic, workers were generally located at employer-provisioned facilities or sites; this meant that employees commuted to and from work, where they interacted with patrons to conduct business. That changed as pandemic-driven lockdowns caused employees to work mostly from their homes. Businesses, including heavily brick-and-mortar-based organizations and those caught off guard, have had to support these remote (‘location-independent’) workers as a matter of survival. As businesses continue the fight for survival in ‘the new normal’ era, three major shifts are occurring across the globe: a) increased regulatory impact or governmental involvement in our lives and businesses, b) impactful supply chain gaps, and c) more virtualization of business activities and human interactions. These three shifts and the revised roles or progressive-thinking protocols for employees and businesses are discussed further in this article, and the related benefits and opportunities are explored.

The direct regulatory impact on businesses had two main dimensions: saving lives, through pre-vaccination social distancing and the ongoing vaccination efforts, and direct control of business activities. The latter of these two was more of a resultant effect than an initial intention, and truly speaking, it significantly helped to save lives across the globe. The regulatory or governmental impact on businesses as we know it included, for example, which businesses can open and when (hours of operation), how many patrons can be hosted indoors at the same time, when and where to wear face coverings, and how and when to sanitize public workspaces; recently the focus is shifting to whether those not vaccinated should be allowed to come to work. The involvement of international, national, and local governments in the day-to-day operations of businesses, which started back in the 1980s with the savings and loan failures in the United States and the financial reporting irregularities propagated by the Enrons of the world in the early 2000s, progressed to the point where regulators initially parked themselves at the front doors of businesses. The pandemic has now brought these regulators in bed with businesses; hence, progressive organizations will now need to inculcate this new relationship with regulators into their culture as a matter of core competency and survival.

As the lockdowns occurred around the world, the supply chain and the physical distribution of goods locally, nationally, and internationally were directly impacted, because employees could not commute to the factories to manufacture goods and/or deliver related services. Relaxing the lockdowns with increased vaccinations has gradually re-opened factories and the flow of goods. The current backlog at the Los Angeles Seaport is one effect of the supply chain gap issue. Progressive businesses will be those that also effectively inculcate potential scenarios of supply chain gaps into their core business processes and address them going forward.

The virtualization of business activities, with a keen focus on ensuring adequate cybersecurity protocols, has become a core competency for any business operating today to thrive. Recall that during the lockdowns, cloud, remote computing, ecommerce, and virtual meeting technologies that had been around for some time exploded and, to some degree, became standard means of transacting, collaborating, and staying in touch with family and business patrons. While not wanting to be alarmist, further virtualization will occur and become a differentiating factor that determines whether certain businesses thrive or face demise. It is important to note that there are various businesses and industries that are brick-and-mortar focused, and virtualization of certain core processes will be hard, if not impossible, initially. All businesses, however, have a greater propensity to benefit from leveraging virtualization than may be initially thought, and not doing so can stunt continuity. The virtualization we speak of has two main components: a) digital transformation, or identifying and implementing technology to automate core business processes, and b) adopting new, related protocols or roles to be sustained going forward.

Digital Transformation: As previously stated, to remain competitive with a dispersed workforce, businesses must see virtualization as a competitive edge and somewhat key to survival. Achieving this requires taking a hard look at the three generally core processes that cut through every business and asking the hard questions as to what aspects of each are performed manually or redundantly, or, better yet, can be automated to remove unnecessary costs and infuse efficiencies with a dispersed workforce. The three general processes that cut through businesses can be generically labeled as hire-to-retire (HTR), order-to-cash (OTC), and procure-to-pay (PTP).

The overall goal of digital transformation is to enable location-independent business transactions to be completed by employees, suppliers, patrons, transporters, bankers, etc., with each party involved in completing the transaction apprised of the status throughout. For the HTR process, because it is likely that hiring can be done remotely, transformation could take the form of enabling an applicant to submit a job application and/or resume through a workflow system that in turn populates the payroll system to ease delivering a paycheck via direct deposit upon hire. A virtualized OTC process should enable patrons to place orders, pay for, and receive goods and services all online. PTP processes will enable purchases, payment, and delivery to be seamlessly completed online as well. Note that virtualization of the business activities will transform records from hardcopies to more portable and transportable digital formats (information assets) that must now be properly protected using physical and logical means (cybersecurity measures).

New Protocols: Every employee or business owner, in addition to diligently knowing how to execute transactions, has a fiduciary responsibility to guard and protect information assets entrusted to his/her care. Where the asset includes privacy data (healthcare, personal, etc.), this important responsibility becomes heightened. For everyone, this important duty starts with first employment as an adult and spans a lifetime. In other words, this responsibility spans multiple careers and continues after retirement, regardless of who owns the information assets. That said, it now also behooves businesses and/or other organizations that may handle information assets to ensure that those entrusted to handle them are trained and periodically reminded of this important fiduciary duty. Reminded or not, trained or not, everyone is required to perform this important fiduciary duty in order to protect assets. We all understand how important it is for employees to know the objectives and how the business operates; it has now become equally important for them to understand the basic steps to take to ensure cybersecurity measures – a new way to perform the required fiduciary duty as virtualization increases. The steps both businesses and individuals can consider taking to fulfill this important duty are further discussed below.

Businesses should consider:

  • Reviewing their internal policies and procedures to ensure they are updated to reflect the virtualized operating environment.
  • Adding cybersecurity and business conduct responsibilities in job descriptions and duties, in order to ensure continual, related focus.
  • Using virtual educational techniques (internal and outside seminars) to train employees on cybersecurity requirements.
  • Implementing periodic business conduct protocols that engage the workforce and assure that regulatory compliance and ethical mindsets are woven into the fabric of the various processes used for business activities. This can take the form of interactive code of conduct technologies to poll employees, suppliers, and customers alike about their fiduciary duties. The polling should be extended to confirm with employees that they have taken steps to: a) avoid shortcuts and workarounds, b) ensure transactions were completed at arm’s-length, c) identify job-related policies needing updates or to be made current, d) comply with regulations and follow security-related measures, and e) speak up about misconduct, security issues, or inappropriate transactions.
  • Periodically validating that access granted to employees to perform virtualized duties is properly assigned and that improper separation of duties (SOD) is addressed.
  • Granting access (‘location-independent’ transacting ability) only after formal approval and removing that access in a timely manner upon the user’s employment termination.
  • Using direct deposit as a payment method in place of the more expensive physical/manual checks.
  • Only implementing new and/or modified systems after proper testing to validate that they meet their business purpose.
  • Periodically validating that implemented systems are set up as intended and that completed transactions were processed correctly and benefited the right parties.
  • Implementing and maintaining system security programs that ensure confidentiality, integrity, and system availability for a dispersed workforce.

Employees should consider:

  • Taking steps to become an integral part of, and to practice, the sound cybersecurity measures needed to properly protect information assets. Some of these steps include avoiding password sharing, ignoring inviting but suspicious links in emails, and preventing phishing and other social engineering cyber-attacks.
  • Viewing the opportunity to work remotely as a perk that demands an enduring need to remain productive.
  • Taking needed steps to formally complete business conduct acknowledgment (e.g., annually) that reassures their employers that business transactions were completed in an ethical manner.

While the cost of the pandemic has been high in many respects, businesses that leverage the resulting paradigm shifts across the globe will derive competitive advantage in the future. Driving these needed virtualization improvements, implementing new roles and protocols, and addressing the outlined compliance and supply chain models are better accomplished through cross-functional collaboration to achieve a complete, end-to-end, secure, agile organization of the future. The effort to virtualize should be continual and include efforts to comply with regulations, manage cybersecurity, and keep a dispersed workforce productive. As individuals, we will continue to take on a new view, which includes assuming some duties that were routinely those of employers, especially those relating to safeguarding portable information assets.

Ugo Chukwu

Principal Cloud Solutions Architect (Cybersecurity)

3 years ago

Well articulated write up. Very thoughtful.


More articles by Sam Onwuanaibe, CISM, CISA, CGEIT, CRISC
