How firms can better manage emerging risks from remote working

The protracted Covid-19 pandemic has transformed permanently the world of work.
The protracted Covid-19 pandemic has transformed permanently the world of work.PHOTO: ST FILE

SINGAPORE - The protracted Covid-19 pandemic is no longer just a disruption to the way we work but has transformed permanently the world of work.

As we distil the learnings from 2020 to prepare ourselves for a pandemic-resilient workplace, the future of work is shaping into a hybrid model that optimises employee flexibility, autonomy and performance across locations.

While much attention has been focused on enabling virtual teams through technology, it is important to balance the risks of remote working with productivity and agility.

A recent paper by the Monetary Authority of Singapore and the Association of Banks in Singapore identified two key categories of risks for financial institutions. These are operational risks and people and culture risks, which all companies across sectors should note as they digitalise their businesses.

How might companies better manage these emerging risks as they grapple with the embrace of remote working in the digital age?

New risks are here to stay

Organisations will need to confront the technological, operational, legal and compliance risks that arise from a hybrid work model.

A change in an organisation's control environment - such as when the majority of its employees perform their roles remotely - can introduce additional information security threat factors.

For example, virtual workplaces can be at risk of increased cyberattacks on an external network, potential leakage or misuse of confidential information, identity theft and employees circumventing work processes and controls against compliance guidelines.

In a virtual work setting, enabling employees' remote access to internal systems is a requisite. Companies must find a balanced and measured approach to cybersecurity safeguards which work for their operations and which do not compromise their risk controls or business productivity and agility.

According to the UOB SME Outlook Study 2021, 75 per cent of SMEs have adopted digital solutions in at least one area of business. As companies continue to digitalise and operate a predominantly virtual workforce, they must reassess their risk profiles and identify the digitalisation opportunities to improve organisational workflows and the customer experience across touchpoints.

This is vital as companies' exposure to cybersecurity risks linked to supply-chain partners and third-party suppliers will only increase with more digitalised interactions and channels of data collection.

As a starting point, companies should look at incorporating additional digital authentication tools to mitigate risks such as customer fraud and identity theft.

For example, at UOB, our strong risk culture underpins the professional conduct we expect from our people and our processes whether we are working in the office, within a branch or remotely.

In the wake of the pandemic, having a robust technology infrastructure enabled us to scale up our digital infrastructure quickly to support a hybrid working model while adopting a range of security measures.

These included stepping up security monitoring and implementing web isolation to enable a protective layer between the bank's systems and the internet. Instead of blanket permission for all staff to access UOB's systems remotely, we created different risk profiles to ensure that remote access to technology applications and tools is given to employees in a considered and secure manner.

Building a strong risk culture

Having a workforce that understands the new risk elements in their work environment will go a long way to support a robust risk culture.

Training programmes should be put in place to ensure that employees and customers are educated on security awareness to minimise security risks and to remind staff of the importance of upholding the company's risk culture.

As an added measure, companies should also seek out active engagement with technology leaders to gain a deeper understanding of emerging trends and innovations as well as to future-proof their operations.

They can do this through participation in industry committees and working groups such as the IT Standards Committee made up of industry volunteers driving infocomm standardisation activities in Singapore.

Ensuring a resilient workforce

Operating virtual teams in a permanent setting is transforming the risk landscape for businesses everywhere.

From incidences of cyberattacks to the lack of resources to support off-site work, the ongoing remote working experience has highlighted how traditional risk management processes need to step up to meet the new workplace reality.

Beyond remote working, new workplace arrangements such as flexible working, job sharing and global talent collaboration will be future themes that need to be factored into extending a robust risk culture.

As increased remote work hours become commonplace and colleagues meet each other in-person less frequently, there is a higher risk that employees may experience deterioration in health and mental well-being as well as their connection with colleagues and corporate culture.

Companies should review their employee engagement and wellness programmes to ensure that they have the necessary resources in place to support their people's holistic well-being in the age of hybrid work.

At its core, we need to recognise that risk management is not about micro-managing the last crisis but rather, applying learned principles to mitigate the next risk event.

The shift towards a hybrid work model will continue to redefine the risk landscape for businesses and those that fail to act quickly to recalibrate their risk management strategy may be left behind.

• The writer is the group chief risk officer at UOB.