A four-day working week still requires seven days security
Concerns around security implications of a 4-day working week
With a new year comes the opportunity for change. While many of us set resolutions and attempt to build healthy habits, companies are also carefully considering ways in which they can improve how they do things.
Of late, many of these aspirations have centered around enhancing the employee experience (EX). From evolving onboarding processes and encouraging candid communications, to creating a process of genuine and meaningful performance reviews, organizations taking a proactive approach to EX have made a vast number of improvements in recent years.
Jon Fielding is Managing Director for EMEA at Apricorn.
As a recession now looms and skills gaps grow further, EX is a trend that will only continue to gather momentum as business leaders seek innovative ways in which to attract and retain top talent.
To this end, shorter working weeks are being trialed by a rising number of enterprises. Indeed, non-profit 4 Day Week Global announced in October 2022 that it had helped 60 North American firms cumulatively employing more than 4,000 people to make the shift to a four-day working week.
From reduced costs to happier employees, the potential advantages are well documented. And while employee wellbeing is often at the heart of the four-day week, the fact that there is no loss of pay accompanying such initiatives suggests there won’t be any softening of expectations in relation to employee output and performance.
In this sense, a four-day working week will often mean cramming 40-hour workloads into 32 – feasible for some, but a reason for concern in cases where this is simply unrealistic.
There is a threat that such a vast change could actually add to the risk of burnout among those employees looking to seek reprieve in high pressure professions, resulting in certain responsibilities being swept under the rug in areas where corners simply cannot afford to be cut.
With the same responsibilities and less time to complete them in, something must give – and it won’t be those core activities upon which an employee’s individual performance is judged. Indeed, proper security practices will very quickly be lowered in priority among overstretched, pressurized workers operating in a shorter week.
Such an outcome would likely further exacerbate the security issues associated with human actions and errors.
According to the World Economic Forum’s 2022 Global Risks Report, 95% of cybersecurity issues can be traced to human error. Be it poor password management, device misconfiguration, delayed software updates and/or a general lack of understanding and awareness of safe practices, there are several vulnerabilities at play – and threat actors know it. Indeed, they are actively exploiting the shortcomings of individuals through phishing campaigns and other social engineering techniques.
Cybercrime is at an all-time high
Now more than ever before, it is critical that sound security practices are not undermined.
The COVID-19 pandemic brought about years of change in the ways in which companies operate. According to a 2020 McKinsey Global Survey of executives, organizations accelerated the digitization of their customer and supply-chain interactions as well as their internal operations by three to four years in the space of just a few months. And that trajectory only continued through 2021 and 2022.
Again, the merits of this rapid digitalization have been well documented, yet this transition has changed the cyber landscape significantly, opening up a broad new range of attack avenues to increasingly innovative threat actors.
The statistics speak for themselves. In 2019, the global cost of cybercrime was $1.16 trillion – in 2022, that figure increased sevenfold and then some to $8.44 trillion.
The real-world impacts associated with these statistics have become ever more worrying. Just last year, Twitter confirmed that data from 5.4 million accounts on its platform had been stolen, while major Australian telco Optus also suffered a breach compromising the details of 11 million customers.
Inspiring employees to care about cybersecurity
With Statista forecasting that the cost to the global economy stemming from cybercriminal activities will almost triple in the next five years, the threat landscape is only expected to get worse.
It is therefore critical that any organization considering moving to a four-day working week considers the implications that such changes will bring and ensure that they do not undermine digital defenses.
Entities should look to develop several comprehensive security policies and work to maximize awareness of these among the employee base, ensuring that the risks associated with particular tools, actions and devices are well understood.
A policy which stipulates that only IT-approved devices should be used to connect to the corporate network should be instated, for example. Equally, employee access should be restricted through the principle of least privilege – a core aspect of zero trust strategies that ensures users only ever have access to the software and systems they truly need to do their job effectively.
Such rules are particularly pertinent for those employees opting to work extra hours remotely and into the evening as they adjust to a four-day working week.
That said, it is essential that any security policies do not impede employee productivity. If individuals find policies too difficult, complicated or confusing to follow, they may well resort to using non-sanctioned tools and devices which circumvent IT departmental control, and result in additional risks to corporate data.
In a 2022 survey, we found that the core reason that remote policies weren’t followed was due to employees not prioritizing security practices despite being informed about them (51%), or because they are using personal devices for working purposes (40%).
If companies are to ensure that security isn’t undermined with the introduction of a four-day working week, these malpractices cannot continue. Therefore, policies need to be straightforward to follow, and awareness of their importance must remain high.
Balancing priorities
As the democratization of the workforce continues and the importance of EX grows as a boardroom priority, initiatives such as shorter working weeks are only expected to increase through 2023.
With this in mind, it is vital that enterprises work to develop a culture that makes security a priority.
By considering the implications of major changes, organizations can map out operational strategies in a manner that won’t ultimately leave them vulnerable to potentially devastating attacks.
According to IBM’s latest data breach report, the average cost of a ransomware attack was $4.54 million in 2022. Simply put, there is no point implementing a four-day working week in the aim of enhancing productivity by 5, 10% or 20% if that ultimately leads to poor data practices and expensive data breaches that can decimate a company in one foul swoop.
Considerations must be balanced. By placing security high in priority, protection and operational improvements can be achieved simultaneously, allowing EX to flourish without undermining increasingly critical security policies.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Jon Fielding, managing director EMEA, Apricorn.