Leadership Blaming Working From Home For Its Own Data Privacy Failures

Get ready for executives to blame the next big cyberattack on all you pesky kids working from home.

Businessman working from home do to pandemic outbreakFrom the earliest days of the pandemic, a certain class of business leaders have ripped the concept of remote work. Goldman Sachs CEO David Solomon is an outspoken critic of working from home even though Goldman Sachs research data proved working from home increased productivity. He’s not alone. A number of prominent executives bemoan the hybrid work model even as multiple studies confirm its work and the financial returns their own companies reaped from that era should remove all doubt. Other than businesses that care a lot more about commercial real estate holdings than productivity, working from home — at least some of the week — is a sound business strategy.

Law firms aren’t immune to the warrantless obsession with offices. Some firms are descending into paranoia and retaliating through bonuses. Hybrid work models carry risk, especially when it comes to training because the employees most capable of working from home are also the most valuable employees for delivering in-person training to the next generation. But the fear of a complete training collapse seems overblown at this juncture.

Alas, this makes working from home the perfect excuse! If your boss cannot be shaken from the belief that working from home hurts the bottom line despite mountains of empirical data, then there’s no limit to the failures you can pin on working from home. The boss will buy it!

FTI Consulting just released The Most Valuable, Vulnerable Commodity, a report exploring data and cybersecurity concerns across major businesses. The report is based on a survey of senior-level executives and supplemental one-on-one interviews between analyst Brad Blickstein and senior leaders. As a reflection of perception, the report is a critical guide to the pain points business leaders want addressed and the marketing opportunities available to vendors — including law firms — over the short-term.

But it also, by its nature, carries any false assumptions and biases taking root in corporate groupthink about data. Unsurprisingly, the folks responsible for protecting data are already laying the groundwork to pin any future blame on those pesky kids working from home:

Remote and hybrid work have made data privacy and security more challenging. Nearly half (41%) of respondents stated that data is being shared on devices and through systems that are not sanctioned or covered within the organization’s data privacy policies. Over one-third (38%) stated that remote and hybrid work have made it more difficult for the organization to monitor compliance with or enforce data privacy policies. And even more stated that remote work has increased their potential breach/attack surface.

These people realize that there are multiple proven solutions on the market to keep offsite work in a secure environment, right? Remote desktops are not even particularly new technology.


In fairness, the 41 percent who said data is being shared on unapproved devices didn’t specifically tie that to working from home. But the 38 percent claiming that remote work has complicated monitoring data makes you wonder how the hell they’re storing the data in the first place.

But the line “even more stated that remote work has increased their potential breach/attack surface” goes in the pantheon of corporate buck passing. The 45 percent of respondents with this answer aren’t saying that working from home has caused a breach or attack, but that it has increased the potential in a wholly unspecified manner. A convenient excuse in an atmosphere of increasing risk! With the risk increasing for any number of reasons, why not preemptively blame everyone else if something goes wrong?

Screenshot 2023-02-16 at 10.27.25 AM

This answer is especially disingenuous in the legal space. Lawyers have worked from the home or on the road for years. When lawyers used to pile into the office for 12 hours a day, it’s not like they stopped working when they went home. This industry has not offered attorneys a cleanly demarcated “clock out” in decades. Increasing the hours that lawyers work remotely has not introduced any new risk that hasn’t been there when lawyers logged on from their kids’ soccer games on Saturday mornings in 2004. If a firm hadn’t allocated resources to protect data from the risks of remote work already, then it has bigger problems.

The Most Valuable, Vulnerable Commodity [FTI Consulting]


HeadshotJoe Patrice is a senior editor at Above the Law and co-host of Thinking Like A Lawyer. Feel free to email any tips, questions, or comments. Follow him on Twitter if you’re interested in law, politics, and a healthy dose of college sports news. Joe also serves as a Managing Director at RPN Executive Search.

CRM Banner