02:00 PM
John B. Dickson

How Company Cultures Dictated Work-from-Home Readiness

Companies large and small are discovering just how prepared they were for all employees to work remotely

The past few weeks have been a blur. I've eliminated the word "unprecedented" from my vocabulary. I've become a Zoom subject matter expert and have had far too much fun applying unique Zoom backgrounds to surprise my colleagues. I've not traveled for four weeks, which is the longest spell without travel in memory. Instead, I've worked from my home for two weeks with no end in sight. 

This radical shift could not have come at a worse time for me and my colleagues at Denim Group. We had just closed one of the busiest weeks of the year at the annual RSA Security Conference and ran smack dab into a pandemic. My previous articles on the coronavirus seem to have been written in a bygone era. One sentence I wrote stands out: "As one attendee remarked, in a month we'll either laugh about how silly our fears were or we'll think attending RSA 2020 was the most reckless thing we've ever done."

With RSA well behind us, I can probably say with some level of confidence that I was not infected by the coronavirus while there. But in hindsight, it does seem attendance might have been, if not reckless, certainly questionable. We got a hint of what was to come less than a week after RSA, though; at least one security professional at RSA wondered how their VPNs would hold up when everyone worked from home.

I suspect this question has been asked in one way, shape, or form at virtually every organization in the last month. What we've witnessed throughout March is a shift that occurred in almost every company simultaneously. Some were better suited for the shift, while others are still struggling to support remote workers. I started to call it "work-from-home readiness," and, as vendors, we've had a chance to talk to hundreds of clients and prospects and have traded notes with other security vendors to obtain their perspective.

Here are some of the common reasons certain organizations were more prepared to support the massive shift from on-premises work to work from home:  

  • Business models: Certain companies were better suited to make the shift given their business models. For some, having employees working in an office was nice, but not necessary. Technology companies are the obvious candidates, as they often already had distributed workforces and liberal work-from-home policies. In manufacturing, this is not the case. Absent an entirely robotized assembly line, most manufacturing companies rely on employees to be present at their facilities to assemble product.
  • Business processes that broke: Although email and conference calling lend themselves to off-site work without friction, other business processes broke in unexpected ways. For us, it was US postal mail — we didn't have a process to accept mail with everyone working from home. This is important — some clients still pay via check. Our clients and prospects spoke of purchase order and statement of work processing, which require physical signatures in many cases.  
  • Technical debt: Likely directly related to the business models of certain companies, we've spoken to a variety that we thought would have the capability to work from home en masse but couldn't. Technical infrastructure constraints, including lack of VPN licenses, few employees with laptops, and lack of dual-factor authentication for remote workers, all handcuffed companies and made them prioritize which workers get equipment first.
  • Familiarity with remote tools: Suffice it to say, we are all smarter on Zoom, or your video conferencing solution of choice, than we were a month ago. Some organizations made the transition seamlessly as they already had a workforce who were comfortable with these technologies. Others had to learn in real time, putting a strain on internal IT support desk functions and lowering productivity across the organization. 
  • Culture: What's most interesting is the strong effect of corporate culture on an organization's capacity to work from home. We've observed that organizations in the same industries have made the transition to work from home, while others have failed miserably. The common denominator is company culture. Certain organizations had flexible work-from-home policies as an employee benefit and were better suited to make this rapid transition. Others that had strong "on-premises" cultures were less prepared. By design, these companies discouraged working from home and emphasized the need for on-site collaboration. These companies are still struggling today to support their remote workers.

As we continue to muddle through working from home due to the pandemic, it's been fascinating to see how certain organizations have made the transition to working from home, while others have struggled. Common denominators, such as culture and technical debt, contributed, as organizations became intensely focused on uptime with minimal disruption. I expect that many of the changes that have been made by organizations will affect us long after the stay-at-home orders have been lifted.

For me and many of my colleagues, security is a day-to-day focus of these new, uncharted waters. The shift reminds us that security is part of a broader business resiliency discussion. Having the capability to work from home seamlessly and in a secure fashion only strengthens the resiliency of your organization.

John Dickson is an internationally recognized security leader, entrepreneur, and Principal at Denim Group Ltd. He has nearly 20 years of hands-on experience in intrusion detection, network security, and application security in the commercial, public, and military sectors. As ...
