UOB's Chan: "Companies need to step up cyber risk safeguards amid shift to hybrid working"
As hybrid working becomes more commonplace, organisations are grappling with the challenges of putting in place practical and secure remote working arrangements as well as risks from increased reliance on technology and having less control over the work environment
- New risks are here to stay
- Building a strong risk culture
- Ensuring a resilient workforce
The protracted COVID-19 pandemic is no longer just a disruption to work but has transformed permanently the world of work. As we process the learnings from 2020 to prepare for a pandemic-resilient workplace, the future of work is shaping into a hybrid model that optimises employee flexibility, autonomy and performance across locations.
While much attention has been focused on enabling virtual teams through technology, it is important to balance the risks of remote working with productivity and agility. A paper recently released by the Monetary Authority of Singapore and the Association of Banks in Singapore identified two key categories of risks for financial institutions. These are operational risks and people and culture risks, which all companies across sectors should note as they digitalise their businesses.
How might companies better manage these emerging risks as they grapple with the reality of remote working in the digital age?
New risks are here to stay
Organisations will need to confront the technological, operational, legal and compliance risks which arise from a hybrid work model. A change in an organisation’s control environment – such as when the majority of its employees perform their roles remotely – can introduce additional information and security threat factors.
For example, virtual workplaces can be at risk of increased cyberattacks on an external network, potential leakage or misuse of confidential information, identity theft and employees circumventing work processes and controls against compliance guidelines.
In a virtual work setting, enabling employees’ remote access to internal systems is a requisite. Companies must find a balanced and measured approach to cybersecurity safeguards which work for their operations and which do not compromise their risk controls or business productivity and agility. A recent study revealed that 75% of SMEs have adopted digital solutions in at least one area of business. The study was conducted from late November 2020 to early December 2020 involving 782 local SMEs with revenue less than SGD 100 million ($74.9 million) to understand the state of digital adoption among SMEs in Singapore and the support they desire for their digitalisation needs.
As companies continue to digitalise and operate a predominantly virtual workforce, they must reassess their risk profiles and identify the digitalisation opportunities to improve organisational workflows and customer experience across touchpoints. This is vital as companies’ exposure to cybersecurity risks linked to supply chain partners and third-party suppliers will only increase with more digitalised interactions and channels of data collection.
As a starting point, companies should look at incorporating additional digital authentication tools to mitigate risks such as customer fraud and identity theft.
In the wake of the pandemic, having a robust technology infrastructure enabled us to scale up our digital infrastructure quickly to support a hybrid working model while adopting a range of security measures. These included stepping up security monitoring and implementing web isolation to enable a protective layer between the bank’s systems and the internet.
Building a strong risk culture
Having a workforce that understands the new risk elements in their work environment will go a long way to support a robust risk culture. Training programmes should be put in place to ensure that employees and customers are educated on security awareness to minimise security risks and to remind employees of the importance of upholding the company’s risk culture.
As an added measure, companies should also seek active engagement with technology leaders to gain a deeper understanding of emerging trends and innovations as well as to future-proof their operations. They can do this through participation in industry committees and working groups such as the IT Standards Committee made up of industry volunteers driving information and communications standardisation activities in Singapore.
Ensuring a resilient workforce
Operating virtual teams in a permanent setting is transforming the risk landscape for businesses everywhere. From incidences of cyberattacks to the lack of resources to support off-site work, the ongoing remote working experience has highlighted how traditional risk management processes need to step up to meet the new workplace reality.
Beyond remote working, new workplace arrangements such as flexible working, job sharing and global talent collaboration will be future themes that need to be factored into extending a robust risk culture.
As increased remote work hours become commonplace and colleagues meet each other in-person less frequently, there is a higher risk that employees may experience deterioration in health and mental well-being as well as their connection with colleagues and corporate culture. Companies should review their employee engagement and wellness programmes to ensure that they have the necessary resources in place to support workers’ holistic well-being in the age of hybrid work.
At its core, we need to recognise that risk management is not about micromanaging the last crisis but rather applying learned principles to mitigate the next risk event.
The shift towards a hybrid work model will continue to redefine the risk landscape for businesses and those that fail to act quickly to recalibrate their risk management strategy may be left behind.
Chan Kok Seong is the Group Chief Risk Officer, UOB.