21 Jan

How to Implement a Risk Management Plan for the 'New-Normal' Office

With the Coronavirus Pandemic there came a whole new world of Risk Management & Risk Assessment. But who knew that the Vaccine would also bring with it a headache of Risks that both Employers & Employees will have to manage? Let's take a look at what challenges the 2021 hybrid office brings to businesses.

Written by
Sean Edwards
Content Editor

Risk Management in the office workplace

NEW: Risk Management & Returning to the ‘Office’ after COVID-19 Vaccines

In 2021, the world will see masses of office employees never spend another 9 - 5 at their desk ever again.

Since COVID-19 forced white-collar workers to work from home on a global scale, and with the eagerly anticipated news and subsequent release of Pfizer/BioNTech’s successful vaccine, employers have been required to rethink not only their approach to managing risk, but also how a ‘new-normal’ office will operate.

Throughout the new year we will see the dawn of mass reworked open-plan workplaces. As working remotely is expected to become the norm, together with reworked open-plan offices it will usher in the ‘new-normal’ hybrid office; a fluid office where employees can host socially distanced meetings for collaborations & projects (when government permits), whilst being permitted to return home to work in the comfort of their own office.

Encouraging staff to become proactive when it comes to organisation is essential to office workspaces; especially after business leaders told the WEF (World Economic Forum) they actually expected remote-working to be negative for future productivity, choosing not to acknowledge research to the contrary.

Of course, their concerns are natural business anxieties following COVID-19; according to research by accountancy heavyweight KPMG, an increasing number of employers “are concerned about collaboration, innovation and long-term culture building within remote home-based teams” along with their employees’ mental wellbeing, since research suggests people are “tending to work longer hours from home than they ever did in the office”.

Many bosses share the belief that remote-working is a detriment to their business; where the benefits of being in a close proximity office are effectively lost, such as stronger dynamics between colleagues, curiosity, innovation, and other social perks that scientifically stimulate the office think-tank.

Employee safety remains the biggest hurdle towards a full return to the 9-5 office.

How reopened offices operate in practice will partly depend on who gets administered the vaccine first. Current plans utilise a staggered approach where older people and those most medically vulnerable are the priority, which, despite seeming like common sense, actually has the potential to be a Risk Management/HR headache.

Businesses who prefer their office seats to be filled will likely be led by commercial requirement when deciding which employees to assemble back to the office, but others will find themselves inclined to bring back vaccinated employees first.

“Companies should tread carefully, some employees will not get vaccinated for religious, philosophical or health reasons, so companies could face discrimination claims” - Nikola Southern, Kingsley Napley law firm.

If older employees are allowed to return over younger colleagues, then “age discrimination claims could be on the cards” she says.

Currently, the UK government can’t legally enforce mandatory vaccination; it has said it will refrain from doing so entirely. So employers who might try and impose the vaccine on their staff would be treading a very fine line.

"Companies could face human rights challenges as well as potential liability if employees suffer side-effects as a result of being forced to vaccinate"

In a world affected by COVID-19, risk management strategies will have been in full flow, but with the coronavirus pandemic comes a whole new world of Risk Management and Risk Assessment.

Employers must now endeavour to protect their employees from potential harm, which includes taking reasonable precautions to protect staff from coronavirus. A COVID-19 risk assessment will help employers manage risk and protect staff.

Steps include:

  • Identify key work activity or social situations that might cause transmission of the virus.
  • Identify staff who would be considered high-risk.
  • Decide what the likelihood is that someone could possibly be exposed in the workplace.
  • Act swiftly to remove any risk activity or situation, or if this is simply not possible, then control & confine the risk as best you can.
  • Ensure employees have everything they need to work from home, including desk chairs that are optimised for correct lumbar support.
  • Remain pro-active if employers are implementing a 'fluid' office - organisation is required to track & trace employees.
  • Ensure all meetings are properly socially distanced.
  • Monitor employee mental health & wellbeing - essential for remote workers.
  • Encourage COVID-19 vaccination rather than make it mandatory.
  • Plan out a return to work rota (when Gov. allows) - find a solution to douse any potential employee rifts with regards to returning to work.

Implementing practical measures like establishing social distancing measures, staggering shifts, and providing additional hand washing or sanitising stations can also help manage risk in the workplace.

Emphasise the need for revised thorough quality control and identify risks in any Supply Lines, especially as we descend into the ultimate stage of 2020 where the winter sales are crucial to retail success.

Check government guidelines for any new work safety or risk strategies you can implement at your business.

Use the momentum of this crisis to fortify your business in the long-term. The majority of retailers are affected by the coronavirus, much less so if they’ve completely digitised themselves. Be sure to identify, manage and control each risk and grasp every unexpected opportunity.

No matter the size of a company, if it conducts business online then there will always be an instance when that organisation’s website will be at risk.

Threats can include data breaches, GDPR violations, account ransoms, and even getting hacked by the likes of online vigilante groups.

It is imperative that company proprietors work alongside their IT Departments (or ply themselves with the knowledge) in order to secure their hub of operations.

Any period of system inactivity can be detrimental to eCommerce businesses, resulting in significant losses in revenue, whilst hacks can be potentially fatal to a company’s data and resources.

Corrupted, withheld, or even leaked data will not only damage a company’s brand reputation, but can result in hefty fines following 2018’s new GDPR regulations.

What is Risk Management?

Risk Management is a procedure where a business identifies potential risks in advance, then analyses them in order to proceed with the necessary steps to reduce or halt the risk of the previously identified threats.

Ecommerce sites that undertake a thorough risk analysis generate a long-term strategy guide for their future, effectively safeguarding, where possible, hardware, configuration, procurement, data, and more.

It can also contribute towards a business contingency/security plan.

What is the Risk Management Process?

The risk management process can be broken down into 5 key steps:

  • Identify Risk
  • Analyse
  • Evaluate/Rank
  • Repair
  • Monitor & Review

The 4 Risk Management Techniques of the Apocalypse 

01. Avoidance

Avoidance techniques are designed to decrease the probability that a risk will transpire. Obviously, the lower the likelihood of a risk, the better; therefore, it’s arguably the best method for managing risks.

Examples of Avoidance
Issue – Implementing a new server will delay the launch phase of a new/rebranded website.
Solution – Delay the installation until after the rebranded website is launched.

02. Mitigation

The Mitigation procedure aims to reduce the impact that risks will create in the event one occurs. It’s usually executed in instances where the risk is significant and unavoidable.

Examples of Mitigation
Issue – An overabundance of product orders over a seasonal period.
Solution – Order extra stock prior to promotional period, or enable a temporary drop shipping method via 3rd party.

03. Transfer

It’s in the name – Transfer techniques literally move the repercussions of a risk to an external party. Although it does pose a possibility of complications, it’s effective for circumstances where the impact can be precisely measured and fully addressed by this third party.

Examples of Risk Transfer
Issue – Risk that an employee will deliberately release consumer information to the detriment of a company.
Solution – Install encryption on company laptops, desktops, mobile devices & media, and truncate all sensitive customer information i.e. social security numbers, bank details, passwords, etc.

04. Acceptance

Risk Acceptance is an active process of readily accepting the consequences of a risk if it occurs. This might not sound like a strategy at all, never mind a good one. This strategy is uncommon, but can be implemented due to how expensive other risk management options like avoidance & mitigation can prove to be. Businesses that are unwilling to spend a lot of money on avoiding risks that don’t have a high possibility of occurring will most likely use this risk management technique.

Example of Acceptance
Issue – A project not completed on time.
Solution – Extending the deadline for said project.

Is Risk Management & Risk Mitigation the same thing?

No, Risk Mitigation is simply an element of Risk Management; Mitigation is a method which would be applied if its criteria met the needs of a business.

The Best Risk Management Technique for Ecommerce Sites


Avoidance and Mitigation are the most effective risk management procedures when it comes to eCommerce. Thorough planning prior to new & existing ventures or projects is best for business.

However, not every business is the same. Cost restraints can be a major factor in selecting the Risk Acceptance technique, and companies that lack the manpower or time to tackle risks might opt for Risk Transfer, so another party could solve any potential or active threats.

The very definition of risk management is choosing an option based upon the size and complexity of any potential threats.

There’s no limit on how many risk management techniques you can employ; in fact, it’s wiser for a business to safeguard itself by utilising as many as it can, as long as they’re relevant and beneficial for it.

How to Manage Ecommerce Risk

For online merchants, there are certain precautions that should always be incorporated into a Risk Management strategy.

Choosing the right credit card processing company will be important when it comes to understanding eCommerce fraud risk. Those who take into account the standard of a processor’s customer protection abilities would be wise in doing so, as such processors will likely be the ones providing the most effective risk management support for their business clients.

Tackling and preventing fraud is of paramount importance; avoid fraud related losses through a streamlined risk management plan.


Install fraud prevention tools to reduce any potential exposure, such as Address Verification Service, CVC2, CID, or go branded with Verified by Visa and MasterCard SecureCode.

The latter tools increase security by requiring cardholders to authenticate themselves by entering their password during the checkout process. This effectively shields vendors from fraud-related chargebacks.

The PCI DSS (Payment Card Industry Data Security Standard) supplies online retailers with standards, procedures, and tools for safeguarding private account information. Vendors will require encryption capabilities for data transmission and powerful internal controls for protecting stored card & card-holder information.

How to Protect Your Business from Cyber Attacks, Hackers, and Malware

There are many steps a business can take to prevent cyber-attacks, both internally and externally. It is especially crucial for businesses that store sensitive customer information that steps are put firmly in place to prevent data loss or illicit data hacking with subsequent release.

Here is a handful of helpful tips on how to protect your website from data breaches:

01. Implement a Risk Management Strategy

As discussed, choosing a risk management technique is essential to safeguarding not only a company’s website, but also their brand reputation. It’s important that a business selects the right one based on relevant, determining factors.

02. Monitor & Address Suspicious Employee Activity & Behaviour

In an ideal world, all employees are happy in the workplace with no ulterior motives. Unfortunately, this isn’t always the case. If concerns become apparent or behaviour changes, employee monitoring software is a subtle option to undertake. It can detect when employees browse topics regarding (e.g.) hacking, internet chats, and significant declines in work-related actions.

03. Back-up & Save Your Data Frequently

If a data breach occurs and a lot of data is lost, then it’s not the end of the world if fundamental data is backed-up and ready to be reinstalled.

04. Limit Access

By setting up perimeter restrictions, businesses are effectively safeguarding sensitive data from hackers and employees – the latter should technically only have access to what they need, and be briefed with any sensitive data on a need-to-know basis. There are several software programs that are capable of restricting employee access to server locations, etc.

05. Ensure all Security Protocols are Maintained & Updated

The obvious. A good practice is to implement privileged user monitoring for system administrators, restricting the creation of new system rules, the advancing of user privileges, and the editing of any configuration files. Ensure all firewalls, anti-virus, and anti-spyware software are updated at all times.

06. SSL Is Important For Every Website

If a business doesn’t have an SSL Certificate, then it’s vital that one is set up. SSL encrypts sensitive information sent across the internet so that the intended recipient is the only one who can access it, which protects it against hackers intercepting it in transit.

Notable Businesses Who've Been Hacked

Even some of the world’s biggest brands have fallen to the hands of hackers.

In 2018, Q&A social website Quora suffered a data breach that could’ve potentially exposed the personal data of up to 100 million users as a “result of unauthorised access” to one of its systems by what was described as a “malicious 3rd party.”

In 2014, Marriott International Hotel group revealed a huge data breach affecting more than 500 million guests from an attack by an unauthorised party who hacked their Starwood guest authorisation database.

Out of the estimated 500 million, around 327 million guests had a combination of name, address, passport numbers, and check in/out information stolen.



One of the most high-profile data breaches occurred in 2015, when “The Impact Team”, an online vigilante group, stole the user data of adult extra-marital affairs site Ashley Madison.

The Impact Team copied AM’s clients’ personal information from the website’s database and threatened to release users’ identities unless AM shut down immediately. Over two days, August 18 and 20, the group leaked more than 25GB of AM’s data, along with client details.

Many of the website’s clients feared being publicly shamed due to AM’s policy of not deleting its users’ personal information, from real names and addresses, to search history and transaction records.

The key factor in deciding how to gauge the potential risk of exposure is down to the risk analysis of a business. Smaller organisations with little-to-no monetary or liability risk would be inclined not to invest in costly countermeasures in order to secure their systems.

However, if a risk analysis suggests that potential, specific threats could be detrimental to a business, then it is imperative that security protocols are put in place to safeguard the security and future of the business.

Always provide a thorough, concise analysis in order to determine how to address risk management requirements – not one online website (or person) is exempt from a cyber-attack.

Sherwen Studios is able to assist companies and improve their business performance by minimising risk and ensuring compliance.

We safeguard each website with precision, agility, and care; implementing contingency plans for each project and venture your business undertakes.
