Avoiding the pitfalls of rapid digital transformation

Determining how digital technology can be used to improve an organisation and implementing change accordingly is, in the modern world, essential practice. There can be little doubt, after all, that it is organisations that adapt and evolve that are consistently amongst the most successful.

In recent weeks, digital business transformation has increased rapidly. Faced with unprecedented challenges, decision-makers have been forced to implement change in order to remain functional. Whilst the benefits of digital transformation cannot be understated, implementing the change too rapidly typically results in the creation of unforeseen pain points, capable of generating a plethora of drawbacks including drops in productivity, disgruntled customers or substantial fines. 

Nevertheless, current circumstances have simply not been conducive to the careful planning that should accompany digital transformation. It would be churlish to claim otherwise and, in order to help, we have compiled this list of common problems that occur when change is introduced with excessive urgency:

Gaps appear in cyber security

Alterations to digital infrastructure and strategy are one of the most common causes of loopholes in security measures and this is worsened when alterations need to be made remotely. An open port, for example, can provide cybercriminals with a direct route into an organisation’s network. Changes to settings, too, can bring about flaws in security if not reviewed thoroughly.

With so many administrators needing to make such changes within short spaces of time in order to ensure employees could access digital resources from home in recent weeks, it stands to reason that a significant portion of networks are significantly less secure today than they were three months ago.

Technical change is not the only reason an increase in remote working practices can adversely affect digital security: the majority of cyber security incidents are traceable to human error.¹ Usually, the error in question amounts to a link in a phishing email being clicked or a user being tricked in to providing a nefarious actor with sensitive information.

Reports from both the UK National Cyber Security Centre and the US Cyber security and Infrastructure Security Agency have also confirmed that a growing number of cybercriminals are mimicking official authorities and offering recipients assistance in dealing with various negative impacts brought about by the COVID pandemic in an attempt to extract sensitive information from them². The likelihood of an employee – and therefore organisation – falling foul of such an attack is heightened as a result. 

In order to address this threat, network administrators should carefully review their network settings and, if possible, conduct penetration testing after all macro changes made to this resource. It is also advisable that all employees are provided with some cyber security training to negate the threat posed by phishing and similar attacks.

Finally, it’s important to note that ineffective security setups now carry serious consequence: GDPR legislation dictates that fines for poor measures can total up to £18 million or, if it would result in a larger fine, 4% of an organisation’s global annual turnover.

Organisations can cease to be compliant

Ensuring adherence to various requirements set out by regulatory bodies typically involves digital technology being harnessed in some way. The need to retain records and correspondence for specified periods of time is a pertinent example, particularly as storage media is now regularly found in data centres rather than on-site.

When making adjustments to infrastructure, individual devices or the practices stakeholders must follow, the likelihood of documents being lost increases. They can, for example, be stored in incorrect formats, become corrupted or be prohibited from reaching virtual storage locations.

Broader legislative requirements must also be considered. GDPR clearly stipulates that data concerning clients that is not stored within centralised sites such as offices or data centres must be encrypted. Further, all organisations are required to provide their customers and users of their online properties with clear and accurate privacy policies.

In both cases, alterations to organisational practice are certain to have brought circumstances wherein data is stored on devices employees are keeping at home and where privacy policies no longer accurately describe how data is stored, used, etc. Organisations’ stakeholders, administrators or, if applicable, data protection officers should therefore review circumstances and deliver solutions post haste.

Recovery processes become inefficient

Disaster recovery processes have become increasingly complex in recent years. Organisations now consistently rely on a blend of physical and virtual processing and storage infrastructure and, as a direct result, the methodologies required to recover lost data or restore compromised systems to working order must be frequently reviewed and adjusted.

This practice, known as resiliency orchestration, should be undertaken regularly irrespective of whether alterations have been made to setups. If the kind of macro change obligated by recent events has taken place, though, it is of the utmost importance that the evaluation of recovery processes is prioritised.

Not orchestrated recovery processes are inefficient, bringing about considerably more downtime than is necessary. Research by Gartner has shown that downtime costs businesses £4,500 per minute³ meaning that just one single hour of downtime – a conservative estimate when recoveries have not been optimised – would bring about losses totalling £270,000. Downtime is by no means the worst possible outcome, either: backups can be lost in their entirety, preventing afflicted organisations from trading. It is advisable that all recovery processes are reviewed following all macro changes to infrastructure and operations.

Employee productivity is adversely affected

A study conducted by the Connecticut Business and Industry Association in 2017 revealed that employees that experienced changes in the workplace were more likely to report chronic work stress and significantly less likely to trust their employer than those that did not.⁴ Stress is proven to harm productivity, employee experience, as well as absence rates and employee turnover.⁵ Nevertheless, change has been wholly inevitable in the second quarter of 2020 and is, it is not unreasonable to state, an inevitability at all times. How, though, can this problem be addressed?

The answer lies in both leadership and transparency. As psychologist Harold Leavitt posited when discussing hierarchies in 2003: “On a fundamental level, they [hierarchies]… fulfil our deep needs for order and security. And they get big jobs done.”⁶

Communicating that change is forthcoming will help to instil a sense of confidence – of order – within the workforce. Supplementing this with practical training on the use of new technologies and associated systems will also help to address the drop in productivity made all but inevitable by the need to alter digital interfaces.

Tech can become misaligned with objectives

Certainly, a broader issue commonplace before the pandemic and certain to proliferate in the ‘new normal’, the spurious adoption of tech that does not truly aid organisations’ pursuit of their goals has, nevertheless, surged in recent times. Decision-makers, in need of solutions to pressing problems, have been lured by the promise of technology and made decisions without due consideration. Rarely, if at all, will they have selected the very best options for their organisations.

Determining what technology will best benefit an organisation’s pursuits is a time-consuming process that is best undertaken by those who possess technical acumen and relevant experience. If in doubt, decision-makers should always seek expert advice in advance of pulling triggers.

References

1. Kaspersky (2020) Kaspersky Security Awareness
2. LexisNexis (2020) Coronavirus (COVID-19) related cybercrime on the rise
3. Gartner (2014) The Cost of Downtime
4. The Connecticut Business & Industry Association (2017) The Impact of Organizational Change on Employees
5. Astutis (2018) How Does Stress Affect Workplace Productivity
6. Leavit. H for Harvard Business Review (2003) Why Hierarchies Thrive​​​​​​​