More than ever before, as pandemic conditions persist, the threat of data breaches and cyberattacks continues to grow.
COVID-19 has permanently changed organizational culture and behaviour. Recognizing these changes is the first in a series of steps to mitigate them once this pandemic ends, and before the next.
As we enter the second year of the pandemic and temporary measures seem more permanent, there are five ways that cybersecurity has forever been altered:
1. Working from home
What began as a temporary measure to isolate employees in order to prevent the spread of COVID-19 has morphed into a more permanent, even desirable situation for some. Employees have relocated to rural locales, implemented flexible work hours and begun to relish the absence of hours-long commutes.
For enterprises, it means that every home office, work nook or kitchen table potentially becomes a shared office space. Organizations now effectively have hundreds of satellite offices whereas before COVID-19, they may have had none.
It’s no wonder, then, that the FBI reports cybercrime has tripled since the start of the pandemic. Not only are there more targets for hackers to access, but they are also, in many cases, not nearly as defended as enterprise computing environments. Employees are also dealing with many more emails and messages, which increases the odds that they will inadvertently click on a phishing email.
Each organization is only as strong as the weakest, unprotected home router in its highly distributed network. It is difficult for IT to enforce standards, and to ensure that all devices and software are up-to-date and secure.
Working from home on the scale produced by pandemic public health measures has led to many uncontrolled, unmonitored and insecure access points, making organizations even more vulnerable.
2. Meeting virtually
Love it or hate it, the virtual meeting is here to stay. Long touted as an efficient and cost-effective way to gather, e-meetings have now come into their own out of sheer necessity. To some, it is a blessing: no more pointless, mind-numbing, low-productivity committee meetings (or if there are, multitasking is easier and there is no commute required).
For others, though, the richness of face-to-face communication is lost, as are opportunities for informal but often important conversations. It becomes more challenging to relate to one another, especially for newcomers to the organization. Zoom fatigue is real, distractions are inevitable and performance suffers. Paradoxically, employees end up spending more time meeting on a virtual platform than perhaps they ever did before. “You’re muted” has become a rallying cry!
The pandemic has led to more virtual meetings and a resulting loss in productivity, culture and communications richness. The lower the perceived value of the meeting, the more likely it is to remain online post-pandemic.
3. Keeping data private
Pre-pandemic, consumers were most concerned that their personal information would be stolen by hackers. While this concern remains, the growth in online commerce means that we are forced to share our data and create online profiles for virtually every product and service consumed; even hairdressers, if still operating, often require customers to create online accounts to book appointments and virtually sign COVID-19 waivers ahead of services.
However, consumers are more concerned about the uses of their data now and after the pandemic. There is a call from the American Bar Association, among others, for individuals to own and control their data, and to obtain credible assurances that they will only be used for the purposes agreed to, not sold without permission, and deleted, discarded and destroyed at their wish.
Data ownership has permanently changed, and government regulations need to be in place and enforceable to protect consumer information and guarantee privacy. Consumers should be confident that organizations have data destruction or erasure protocols in place to protect their privacy when they no longer wish to transact with the organization.
4. Redefining culture
Culture is often an organization’s most powerful asset. It has the power to catalyze and create long-term value (financial and otherwise) in organizations. Culture binds employees to each other and to a purpose.
Culture is transmitted in a number of formal and informal ways, explicitly and tacitly: face-to-face meetings when employees chat, corporate events, orientation days and informal socializing during and after hours. Pandemic health measures have constrained this communication. Acculturation — the acquisition of and acceptance into the organization’s culture — has become even more of a challenge.
Employees may feel alienated, alone and adrift. Their organization’s culture itself may have changed. As a result, creating and sustaining a culture that promotes high performance may become challenging when rich, interpersonal interactions are constrained.
Post-pandemic, it will be challenging to recover an organization’s culture and to develop a new one that takes into account the post-COVID reality.
5. Managing and controlling transformation
Management controls are one side of a two-sided coin, the flip side being risk. Systems are designed, implemented and monitored to ensure that risks are eliminated, mitigated or accepted. Before COVID-19, businesses had developed contingency plans for a variety of risks which, ironically, even included pandemics.
Pressures to accelerate digital transformation have led to early adoption of technologies like artificial intelligence. These technologies are not without their risks, as a number of recent incidents have shown.
However, during this pandemic, we have realized that even the most extreme events became likely. As a result, principal risk integration and the newly realized goal of supply chain resilience have gone well beyond the bounds of the organization to include all elements of the supply chain and an organization’s many stakeholders.
By: Michael Parent
Professor, Management Information Systems, Simon Fraser University
Michael Parent does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.