The pandemic has fundamentally changed the way New Zealanders live and work, and escalated the risks we face online.

Cyberattacks have increased throughout the pandemic as scammers look to capitalise on both the shift to remote working and people spending more time online. Kiwis are aware of this too, with identity fraud and hacking and viruses emerging as the top two concerns in the 2021 Unisys Security Index.

To explore the impact of these abrupt changes to the way we live our lives and our growing reliance on digital tools, Unisys has taken a deep-dive into two areas that impact our work and home life today:

  1. How do employees feel about being monitored by their employer while they work from home (WFH)?
  2. Who is responsible for protecting employees working from home, and the data they access, from cyber security threats, and are employees up to the task?

Working from home and technology

Although the essential technologies for WFH have been introduced piecemeal over the last decade, 2020’s global-scale lockdowns forced a rapid adoption and integration of these tools, as well as a redesign of work practices, all while battling non-technology barriers such as trust and management style, which prevented it happening earlier.

Our old workplace habits persist, even where they’re a poor fit to the changed environment. Managers, used to having daily eyeball-to-eyeball contact with their reports, look for ways to stay across the operations of their staff. This has quickly become a new area of contention, as employers try to deploy technical solutions to what are, in essence, human questions of trust, transparency, and power.

Six in ten Kiwis are not comfortable with employers monitoring their login and logout times when they’re working from home. Even though employees are monitored more-or-less continuously when in the office: badging in and out of areas, logging onto office IT systems, etc., respondents clearly want to draw a line around their homes.

I may work in my home, respondents say, but that does not give you, my employer, permission to surveil me in my own private space.

Increased security threats for businesses

At the same time, WFH means that the security threats to the business have suddenly multiplied dramatically, producing significant confusion around who is responsible for securing corporate information.

Almost two-thirds of those surveyed believe it is the individual’s responsibility to keep data safe – yet three-quarters of them don’t know who to contact to report a data breach.

Here we hit a paradox: WFH has empowered employees to make decisions and take actions that could be dangerous to the business, exposing the business’s confidential information or the personal information that it is obliged to keep secure. Yet employees resist the kind of continuous monitoring that would help detect and potentially thwart attacks before they cause significant damage.

This highlights a dangerous ‘trust gap’ between employer and employee. Because neither trusts the other enough, neither feels able to offer the other the kind of support needed to ensure the safety of both.

The research findings show we’ll need more than just great technology to face the future, we’ll need transparency, trust and empathy in equal measures. The findings signal a need for new, outcome-based approaches to performance management and open conversations about privacy, acceptable purpose, trust and permission, Unisys experts advise.

Time for a new approach

According to Leon Sayers, director of advisory at Unisys in Asia Pacific, “Privacy is a top concern and people are protective of their home space.

While for many people, working from home offers benefits of less commuting time and better work-life balance, for others it is an imposition necessitated by the covid-19 response. Being mandated to work from home is not the same as volunteering for it. Employers must gain trust and permission to introduce monitoring technologies into that space. A two-way discussion is critical to successful organisational change management. And just because the technology allows you to do something doesn’t mean it is always appropriate.”

Sayers says it is time to re-think how managers monitor performance and productivity. “First you need to look at the type of role. What is more critical – the input (time spent on a task) or the output (the deliverable). For example, using technology to monitor how quickly call centre staff working from home answer a call and resolve a customer’s problem is a key metric of the role and service delivered to the customer. Whereas for other ‘knowledge’ jobs it would be more relevant to measure if they delivered something of the agreed quality by the required deadline – you don’t need to know when they logged in or how long it took them,” he said.

Leon Sayers, director of advisory at Unisys in Asia Pacific 

Not all monitoring is ‘Big Brother’

Some monitoring measures offer positive benefits to employees, such as monitoring software response time so that the IT team can proactively fix impending issues before they impact you. That’s called ‘intelligent IT support.’

Or IT managers might use facial recognition technology to quickly confirm, without you needing to re-enter your password, that it is you sitting at your laptop, and not another family member.

“But adding new function and purpose to an existing tool requires a fresh conversation,” says Sayers. “We accepted webcams at home to aid collaboration – not security.”

Sayers says that employers need to lead open discussions about the intended purpose and benefit of such measures if they are to be accepted in the home workplace, as willingness to use a technology is critical to the successful roll out of any digital transformation.

Personal experience drives privacy agenda

The 2021 Unisys Security Index found that the top three security concerns for New Zealanders are data/privacy related: identity theft (52% of New Zealanders concerned about this issue), hacking and viruses (51%) and bankcard fraud (49%).

Whereas natural disasters, including pandemics, had been the top concern in 2020, concern about hacking and viruses and identity theft recorded the greatest increases over the last year.

Andrew Whelan, vice president client management, Unisys in Asia Pacific, said, “Consumers’ concerns are driven by their personal experiences. CERT NZ reports that phishing and credential harvesting remains the most reported type of cyber incident, and that ransomware is the fastest-growing category.

Last year’s fears of the unknown around covid-19 have been replaced by concerns about data loss, identity theft and privacy threats that many Kiwis have personally experienced over the last year. This will have factored into employee unwillingness to allow employers monitor them when working from home.”

It's important to remember that everything feels scary when we first encounter it. When we take the measure of a new technology, we cut our own fears down to size. The pandemic forced so many first encounters on us – at home, in the home office, and in the home school – we have suddenly become sensitised to all of the potential threats presented by all of these new situations and tools. Our anxieties about work and the post-pandemic future have attached themselves to our need for (and the dangers of) continuous, productive connectivity.

As we’ve learned from the history of the Unisys Security Index, our red-hot ‘new normal’ will quickly cool to just plain ‘normal’, as individuals and institutions move toward new levels of understanding and comfort with our new ways of working. We can and must learn how to trust one another in our work environments.

In this decade, ‘fortune favours the flexible’. Organisations that can adapt to change will emerge from the pandemic with both the capacities and the vision to navigate an era of increasing dynamism.

Find more results and information on the 2021 Unisys Security Index here.

Unisys is a global IT solutions company that delivers successful outcomes for businesses and governments. Unisys offerings include digital workplace solutions, cloud and infrastructure solutions, enterprise computing solutions, business process solutions and cybersecurity solutions across commercial, financial services and government markets.