Teleworking, a new challenge for HR directors
1. What the health crisis has changed...
According to a survey conducted by the Mercer firm, "reticence about teleworking should be disappearing after the COVID-19 crisis." In just two months, teleworking has shown its effectiveness, particularly in the service sector, and many companies are now considering developing it, or even making it durable.
While some of them are more or less ready for this new organization, many have realized that, even far from their usual workplace, their employees can be efficient only if they have the right tools and if their managers give them more autonomy and responsibility.
The game changed within a few weeks. Continuity of operations prevails over difficulties, forcing HR managers to tackle new projects, taking on the role of strategic advisor to their General Management. As a result, companies have greater need for HR talent to implement teleworking and support managers and their teams.
2. Why should teleworking be developed and established on a long-term basis?
The health crisis became an accelerator of current developments. Before COVID 19 and the strikes of 2019, only 7% of French employees were teleworking on a contractual basis. A new CSA study from Malakoff Humanis reveals that 39% of employees in companies with more than 10 employees are currently teleworking.
At the same time, a report by the firm Valoir reveals that the abrupt shift to teleworking has had almost no impact on productivity (1%), with more than a third of workers stating that they are concerned about the security of their job security and company viability.
However, telework is not a suitable model for all employees or employers. It creates new challenges in terms of the company digitization and management. According to a recent survey by ANDRH, the human, organizational and economic impacts of the crisis will be considerable and HR directors will play a key role to support organizations and their employees in these new professional practices.
Although teleworking is enshrined in law, few companies are really prepared for it in general. Many of them are still thinking about its impact on their remuneration and training policy, the competitiveness of their teams and the maintenance of social dialogue. In addition, they are seeking to professionalize their approaches by equipping their employees. Teleworking depends above all on information and communication technologies, and the lack of equipment or the choice of insufficiently reliable tools can have a negative impact on the employees’ productivity or even make some tasks impossible.
Companies must therefore ensure that each employee is properly equipped: phone, high-performance computer, quality Internet connection and other collaborative tools... The implementation of this equipment, which offers working conditions almost similar to those of the company's offices, is however accompanied by the dematerialization of procedures and a significant security risk. A risk that must be controlled to avoid considerable damage and loss of productivity.
This is mainly the case for network connections and remote access, while a study by CyberArk has just revealed that 85% of French teleworkers use personal devices that are not secured and not managed by their company's IT and that 90% reuse the same passwords for all the applications and devices.
Providing employees with secure access to helpdesk services to enable them to work without hindrance and without any drop-in performance is therefore a real challenge for CIOs who, alongside HR and managers, will play a leading role in implementing these new modes of collaboration.
3. The need to secure access and use of remote workstations
Identity and access management (IAM) is one of the primary concerns of an CIO or CISO.
While we all have a physical identity, we also have a digital identity, and organizations need to know their users and what levels of access they have been assigned to access the applications and resources they need within their IT infrastructure. They establish rights and restrictions for anyone who needs to use their network. Those privileges access management (PAM) is a real challenge.
Thinking that one's own employees may be a potential source of threat may be questionable, but the reality is that a significant proportion of data breaches are related to employees’ access IDs. Why? Because even though most users have no intention of deliberately putting their company's security at risk, but they may lose their IDs, have them stolen, or inadvertently share them with others.
A good management of administrator rights is therefore the first condition to ensure the company's IT security (while being an obligation according to the ISO 27001 and GDPR regulations related to the notion of compliance).
Thus, when it comes to access management, it is important to ask four questions: who accesses my system? What privileges do these people have? What do they use their access for? When do they do it?
Three processes combine to achieve this: identification, authentication and authorization.
Furthermore, as digital identities are constantly evolving within an IT infrastructure, it is important to manage them with flexibility and responsiveness, thanks to an advanced password management tool.
User account administrators are often overloaded with trivial requests: temporary increase of rights (20 to 50% of hotline calls), password changes... This influx of administrative tasks takes up a lot of their time and deters them from their main mission in the event of an incident. In addition, it creates an opportune environment for hackers who would like to pretend to be collaborators and acquire rights that they are not eligible for (80% of attacks involve privileged accounts).
SESAME is an effective response to this problem of optimal use of skills and resources because it allows end users to solve simple problems related to the management of their accounts themselves, without having to resort to the helpdesk.
A true solution for managing privileged accounts based on Blockchain technology, SESAME allows the automation of the most frequent requests such as unlocking a Windows user account, temporarily increasing rights or changing passwords from a mobile phone, reducing the associated support costs by more than 35%.