45.6 F
Washington D.C.
Friday, February 23, 2024

Navigating Old and New Threats as Employees Return to Office Post-Pandemic

The past year and a half unfolded differently than business leaders envisioned when most workplaces shuttered or moved to remote work at the start of the pandemic in March 2020. Though the global business landscape is inherently dynamic, few could have imagined the multi-dimensional challenges of a deadly pandemic, or how quickly it would dramatically alter entire segments of the economy. Now, as vaccination rates climb, public health measures are eased, and workers return to many offices, executives face both enduring and emergent security challenges that require a new approach.

While return-to-work conversations at many businesses have centered on vaccination, health mitigations, and revised remote work policies, executives must consider the second- and third-order effects of the pandemic on their business, recognizing that familiar challenges like workplace violence and employee wellbeing await in a new, evolved form due to COVID-19. Put differently, the threat landscape has become more perilous in the past year, with national crime rates rising and active shooter incidents continuing along a worrying upward trajectory. Executives must adapt to this elevated threat environment by “leading from the front” on security resourcing, incident and crisis management plan development, and overall program maturity, leveraging a “whole of leadership” approach that considers traditional security considerations, new and evolved threats, and workforce mental health.

To that end, security leaders facilitating the protection of business objectives must begin to both split their focus between the new “safety” reality (e.g., COVID-19-related risks such as a displaced, disenfranchised, and disgruntled work force or mental health impacts from prolonged isolation, adverse health impacts, or COVID-related life changes) and the post-COVID-19 security reality. In addition to the enduring challenge of insider threats, the past year and a half has witnessed increased kinetic protest activity that seems likely to return on a cyclical basis. In addition, the Jan. 6 attack on the U.S. Capitol represented a breathtaking example of the growing domestic extremism threat. With strained municipal budgets, public calls for reallocating law enforcement funding to other programs – despite objections from most mayors – and shifting societal views, organizations must become more self-reliant on incident response matters.

Corporate leaders need to work more closely with their leadership teams to embrace hard truths, both external and internal: financial distress, furloughs, and layoffs coupled with COVID-19-related mental health impacts are natural catalysts for employee burnout, up to and including personal crises that could result in an active assailant event. More complicated still, early detection of a troubled employee – either through HR screening or a concerned colleague – has been blurred by the extended remote work period for many organizations.

In building their response to this changed environment, corporate leaders must consider how to address challenges that are unique to a return-to-an-office environment for millions of pandemic-weary employees. They should consider leveraging a phased reopening to lessen the shock and potential impacts of return-to-office environments, allowing employees to slowly reacclimate to their commutes, being in close quarters with their co-workers, and separation from family. Similarly, organizations should move proactively to engage with returning employees, taking note of personal, medical, and family challenges that may have impacted their mental health and providing support services as needed. This outreach should be guided by human resource organizations but will likely require managers and supervisors to periodically check in with employees not only regarding their specific responsibilities or work products, but their overall health and the concerns they have about operating in an environment significantly changed by COVID.

Security leaders must also rethink how their traditional exercising practices and scenarios are considered and stress tested. Whereas pre-COVID-19, an organization might have tested its preparedness and response against an active-shooter scenario, a post-COVID-19 exercise must factor in a decentralized workforce, a stretched law enforcement community, an emergent domestic extremism movement, and an active populace potentially unsettled by a flare-up of the pandemic, social justice protests, or political violence. Business and security leaders must work together through steering committees or related processes to reinvigorate exercise planning by considering “crisis convergence” scenarios, such as a protest spilling into company property during a localized COVID-19 variant outbreak, leading to multi-dimensional concerns related to workforce health and safety. In some instances, organizations may want to consider hiring off-duty or retired police officers to enhance incident response capabilities, particularly if the organization has identified credible threats to its people or facilities.

Corporate executives are skilled navigators of the global risk environment, and many deserve ample praise for keeping their organizations afloat over the past year. At the end of the day, organizations need to be prepared to address both old and new risks to understand what is possible, what is likely, and what is most consequential. Contemplating new scenarios and approaching security program maturity through the lens of a deeply fluid threat environment will help shift the focus from what was understood pre-COVID to what has changed, is novel, and is unprecedented.

Chris Duvall
Chris Duvall
Chris Duvall is a Senior Director at The Chertoff Group, where he focuses on cybersecurity, critical infrastructure protection, and organizational risk management as part of the Strategic Advisory Services practice area. Mr. Duvall works with individuals across the critical infrastructure sectors to assess and improve their security operations and build effective, enterprise-wide risk management capabilities. Prior to joining The Chertoff Group, Mr. Duvall spent two years as a Federal employee, and ten years as a management consultant at Booz Allen Hamilton, supporting the U.S. Department of Homeland Security’s (DHS’) Offices of Cybersecurity and Communications and Infrastructure Protection. During this time, he led the coordination and outreach to companies working to understand and adopt effective risk management strategies such as NIST’s Cybersecurity Framework. He helped establish DHS’ cybersecurity program, the Critical Infrastructure Cyber Community Voluntary Program (C 3 VP), created to make cybersecurity resources available to organizations interested in improving their cybersecurity. Mr. Duvall was also the lead Federal official for critical infrastructure protection and cyber risk management activities for industries within the Information Technology and Communications Sectors. In this role he worked with government, private sector, academia and international organizations to develop programs related to enhancing IT and communications critical infrastructure resiliency. Prior to supporting DHS, Mr. Duvall was a Special Assistant to the Assistant Secretary for Political-Military Affairs at the U.S. Department of State, including during the tragedy of September 11, 2001 and the Operation Enduring Freedom campaign. Mr. Duvall is a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CeH), and certified cloud security professional (CCSK). He earned an MBA from the Robert H. Smith School at the University of Maryland, an MA from American University’s School of International Service and a BA in Psychology from Dickinson College.

Related Articles

- Advertisement -

Latest Articles