Ben Bulpett, EMEA Director, SailPoint, discusses how Coronavirus is forcing the issue of cybersecurity during the ‘flexible working revolution’
Most of us should be following Government advice to work from home at the present time and adhere to the ‘social distancing strategy’. It’s the policy most government departments should be taking in these unprecedented times.
But even when things return to normal, we should find the public sector a ‘flexible’ friendly workplace for its staff. One of the advantages of local and central government careers is the willingness to accommodate employees with a diverse range of needs and requirements, which necessarily leads to flexible working practices.
Since June 2014, all UK employees have had the right, by law, to request flexible hours. Carers and parents have had the right to request flexibility for dependents since 1996. According to the Office of National Statistics, in 2018, 42% of public sector workers said they took advantage of flexible working.
By comparison, only 21% of private sector staff said flexible working was part of their agreed working patterns. But in contrast, only 3% of public sector workers report that they work mainly from home, compared with 17% in the private sector. It’s a glaring discrepancy seeing as the public sector are so keen on flexible working. Why is this so?
Working from home
More than 1.54 million people normally already work from home in the UK – a two-fold increase from ten years ago. The BBC found there has been a smaller increase in the number of people who work in different places but with their home as a base. That number has increased by around 200,000 in the 10 years between 2008 and 2018 to 2.66 million.
So why is the culture different in the public sector? In local and central government, there is a culture of ‘presenteeism’, where people who are working should be present and available in the workplace. There is also a general mistrust of home working that emanates from the general public – are you really doing a productive job if you are sat at home?
Yet recent studies show that remote employees work 1.4 more days per month than their office-based counterparts, resulting in three additional weeks per year. A global poll from 2018 by data and insights company Kantar found a third (32%) valued a job where they could work from home.
Events like Work Wise Week (12 – 18 May) and National Work from Home Day are changing perceptions, even in the public sector. A Civil Service Smart Working Code of Practice aims to put an obligation on all central government departments to implement smarter working, including home working, by 2022, with 70% aiming to do this by the end of this year.
A technology shift
In many ways, home working practices are more ingrained in the private sector. Apple, Google and Amazon are the latest tech giants who have asked their staff to stay away from the office and work from home. For these companies, a change in working practices is relatively simple. They are well suited to technology to make homeworking possible. For other companies, the coronavirus crisis has been a wake-up call to update their practices and infrastructure.
Staff can also work from an increasing number of public spaces, including coffee shops, libraries or co-location working hubs. But working remotely or from home is not anywhere near as cyber secure as being in an office. A lot more preparation is required to coordinate the activities of employees and ensure systems are able to support a critical mass of staff working remotely at a moment’s notice.
All this additional demand for remote working places strains on the existing office and telecoms infrastructure. For the office environment, having hundreds, if not thousands of additional home workers will test an organisation’s server capability and its VPN bandwidth. It will also distract IT professionals’ time and attention away from potential cyber security threats. Do public sector organisations have the internal capacity to match the home working demands for the next five to ten years?
More generally, for those workers at home, in cafes and co-working spaces, the question they need to ask is ‘how secure is the Wi-Fi connection that I’m working from?’ They are now reliant on a third-party service and who knows who is sitting on the next table or the opposite booth to snoop on their email. It gives malicious actors and hackers the potential to the access critical public sector data.
The identity factor
The easiest point of entry to any organisation is their users – that includes employees, contractors, virtual workers, freelancers, bots and contingent staff. The hardened security perimeter no longer exists. We are now in a perimeterless world where anyone can access anything from anywhere.
It is forcing companies to take a ‘zero trust’ approach to the ever-expanding cyber-attack surface. This is the ideal time to turn to ‘identity’ as a solution, especially when combined with the power of Artificial Intelligence (AI) and Machine Learning (ML) tools.
Access should now be based on securing enterprise systems at the core and providing privileged access rights to only the most secure personnel. AI and ML tools can spot patterns, based on previous usage history, to alert to suspicious behaviours. The latest identity solutions can provide geolocation alerts if a user sends an email from Brazil, yet is supposed to be in Basingstoke, for instance. Or recognise abnormal access or download activities that aren’t typical for the role or individual in question.
But in order for the public sector to undergo a successful digital revolution, it needs to start with security – and identity governance. Once that foundation is in place, and they are able to see everything, govern everything and empower everyone in their organisation, then they can focus on the more fundamental business changes that need to happen.
It is time public sector organisations started using the right tools for the job. The key objective for any IT professionals is to protect their organisation and its personnel from cybersecurity breaches. It is a 24/7 operation as hackers never sleep. It is the IT manager’s job to ensure their staff, their organisation, and especially the chief executive, can rest easily without worrying that their IT system is going to go bump in the night…