by Rick Grinnell

Return to the office: Organizational resiliency and the new normal

May 24, 2021
Remote WorkSecurity

The WFH pivot was remarkable, but workplace re-entry creates a new set of challenges for business leaders.

Co-workers use protective face masks and glass partitions in a post-COVID workspace.
Credit: Mixetto / Getty Images

Over the past 14 months, organizations have had to navigate the abrupt discontinuity caused by COVID-19 and the ensuing regulations. Today, sports fans are returning to arenas and students are back in schools, but most office workers are still on work-from-home orders. Returning to the workplace will constitute a new normal, but what will that look like in an unknown post-COVID world?

I spoke to several CEOs, CIOs, and CISOs (all in the US) to understand how they fared over the past year – what went right, what didn’t go so well – and to learn their plans for reopening their offices for the majority of their employee base. The executives represent a cross-section of some of the most forward-thinkers in financial services, insurance, media, and technology. The comments I heard demonstrate the resilience and adaptability of corporate America. 

Positive takeaways from the past year of work-from-home

While the pandemic affected everyone, it didn’t impact every company or industry the same way. Across the board, however, business leaders said that despite the tragedy of the situation, there were several positive outcomes. In particular, the forced remote work environment accelerated their corporate digital transformation, making them more competitive and putting them in a dynamic position sooner than planned.

In addition, businesses quickly learned that WFH did not reduce productivity or quality. As one executive stated, “We were back to nearly 100% productivity – in some cases even more – in just a few days, with the exception of the call center. And we got them back to 100% in less than two weeks.” 

Given this sustained level of productivity with decentralized employees, another executive stated, “My company now knows that we can hire the best people anywhere, not just those that are within driving distance to our offices. This is a big shift in thinking for us.”  Finally, a few conversations pointed to the fact that security architectures were improved and evolved faster than originally planned to accommodate WFH behaviors, ultimately enhancing the organization’s security posture greatly.

Security challenges

On the other side of the coin, the past year brought many security challenges that needed to be addressed quickly, with social engineering around coronavirus as a top concern. According to one CISO, “Work from home increased the need for access analytics and social engineering training to combat the 7X increase in COVID-related social engineering scams targeting workers.”

Insiders also created problems for security teams. As one executive stated, “Many of our employees would forget to log off of the corporate network before browsing the web on their personal time. We had to address the spike in inappropriate URLs and content being requested on our networks.”

Both the high volume of attempted attacks and the shift in behaviors and threat tactics caused security teams to quickly shift projects and budgets unexpectedly. This resulted in burnout for security team members – not only were they sprinting to address cybersecurity concerns but they, too, were working remotely with the same WFH burdens all employees were juggling.

Beyond the obvious security issues, executives mentioned that WFH more clearly demonstrated the inequity across the employee base, with certain employees struggling with limited technology and network access at home, which required a rethinking of employee-focused budgets and asset allocation. 

Overall, however, all of the executives I spoke with believe that they are now in a much better position than they ever were from a technology, management, and process perspective. 

Moving to the new normal

As COVID-19 numbers decrease and vaccinations increase, many companies are now ready to welcome back employees to the workplace. But the issue is how to do so safely – or if they even need to bring the entire workforce back. The executives that I spoke with mentioned that their leadership and boards have determined that there should be no rush to bring employees back into the office. With WFH productivity levels high, there isn’t an urgent need to bring them back and create a health risk.

However, these decisions vary from region to region, given the COVID-19 numbers and local regulations. As one executive put it, “What we do in Sydney or Austin is very different than the choices we’ll make in Boston or New York.”

At the same time, providing as much flexibility and employee happiness as possible is a top priority. “We need to hire and retain the best people possible,” one of the executives said. “Forcing people to come to the office, or the opposite of forced WFH, runs contrary to that goal, so long as we maintain the quality of work.” 

Many companies – and this is also my experience from the start-ups I invest in – believe younger employees are the most eager to return to the office. They see the office environment as important to their social life. It is this group of employees who found working at home most challenging for a variety of reasons – living with roommates in differing work situations, feeling isolated living alone in a small apartment, or the loss of working together as part of a team.

New challenges ahead

Given that the new normal baseline will see dramatically different physical and cyber behaviors, new challenges lie ahead. As some employees return to the workplace full-time while others remain in a hybrid mode or full WFH, both physical access control and network behaviors will vary greatly from day to day. Whereas a year ago, security teams had to quickly adapt to WFH behaviors, the focus going forward will be on oscillating profiles of both physical and network access.

The theoretical return date for most of the executives I spoke with is September. (Only one said they’d be back in June.) Regardless of the timeframe, the primary challenge they are all facing is deploying scheduling software to ensure that only the right employees can be in the building during a certain set of hours in order to manage capacity levels and monitor visitors. The second priority is outfitting meeting rooms to make it easy to collaborate with WFH employees. “We weren’t using Teams or Zoom much in our conference rooms previously,” one exec stated.

While COVID-19 status is not something that any of these leaders wanted to maintain data on – “Who wants to have HIPAA regulations slapped on them by storing vaccine or testing status inside the organization?” – there was some interest expressed by some in the group for third-party data services that could provide a red light or green light for both employees and visitors entering the building. This could create security risks by having to ensure third parties are following data privacy and cybersecurity models that fit organizational standards.

Discussing a return to the workplace is a good sign that some type of normal lies ahead of us, but we really won’t know the full implications of how that transition will work. For these executives who worked tirelessly over these past months to enable WFH, the work to set the ground rules for RFWFH (Return from WFH) is just beginning.