Teleworking, also referred to as remote work, mobile work, or telecommuting, is not a new concept, since it originated simultaneously with the energy crises of the 1970s [1
]. The change in the social paradigm in the light of the expansion of telecommunications and informed extrapolation played a crucial role in the emergence of the concept of teleworking. Its further development took place under the special attention of analysts, who approached it primarily from a sociological aspect, and a decade later teleworking was characterized as the “next working environment revolution” [2
]. However, despite the profound interest of researchers in its study, for a long time there has been no comprehensive and formal definition of this work concept. Initial attempts to define teleworking involved its reduction to a one-dimensional component—the place of work, organizational structure, characteristics of employees, or the use of information technology [3
]. This is also evident from the Framework Agreement on Teleworking, adopted by ETUC, UNICE, UEAPME and CEEP with the aim of modernizing the prevailing models of work, which offers the first official definition: “Telework is a form of organising and/or performing work, using information technology, in the context of an employment contract/relationship, where work, which could also be performed at the employers premises, is carried out away from those premises on a regular basis” [6
]. The difficulties in defining this concept are two-fold: first, the fact that the process of its implementation was quite timid and sporadic, which is why the literature states that it represents a “never-ending promise” [7
], and second, the basic essence of teleworking, which is mirrored in its flexibility and adaptability in order to successfully respond to a wide range of different organizational requirements. Flexibility as a basic determinant of teleworking is also emphasized in the Telework Enhancement Act of 2010, which contains the most comprehensive definition: “The term ‘telework’ or ‘teleworking’ refers to a work flexibility arrangement under which an employee performs the duties and responsibilities of such employee’s position, and other authorized activities, from an approved worksite other than the location from which the employee would otherwise work” [8
The COVID-19 pandemic has resulted in a transformation of the work environment marked by the accelerated digitization and decentralization of office activities as a result of increased teleworking. According to a January 2021 report by the International Labour Organization, about 93% of the world’s total workforce resides in countries with some form of restrictions or modifications to the conventional work regime [9
]. The global response to the health crisis has required the introduction of alternative models of work engagement, which, in turn, initiated the need to provide new answers to old questions on the efficiency and cybersecurity of teleworking. The European Commission estimates that in the period before the pandemic, only 15% of employees in the EU had practiced teleworking at least once, while according to a Eurofound report, close to 40% of employees switched exclusively to teleworking during the pandemic [10
]. In the United States, the number of teleworkers almost doubled, reaching 67% between mid-March and early April [12
]. The unexpected and rapidly growing bloom of teleworking has resulted in a resurgence of interest from the scientific community [13
], in light of the premise that the pandemic, for white-collar workers, marked a definite crossing of the Rubicon and an irreversible break with traditional work habits.
The fact that we have indeed entered a new business era has been confirmed by numerous studies of employee perceptions that speak in favour of their readiness to at least partially continue working remotely after the end of the pandemic [15
]. In addition, from the addresses of the most important international actors come increasingly loud appeals for the wider introduction of teleworking and the need for its affirmation by policy makers [9
]. In contrast, the aggressive promotion of teleworking is continuously raising concerns about the adequacy of its technological grounds, employee competencies, and the cybersecurity dimensions of virtual offices. The decentralization of office activities, which occurs as an inevitable consequence of teleworking, besides raising the essential question of its efficiency, highlights also the question of their mutual correlation with the cybersecurity of organizations. An increasing number of studies highlight the impact of the pandemic on shaping the global remote working culture in view of the disturbing escalation of security risks [19
]. The tension of the drama is fostered by the fact that the leading geopolitical forces, more than a decade ago, defined cyberspace as the fifth operational domain of warfare, putting it at the very top of their security agendas [22
]. On that account, the academic community brings cybersecurity into the context of the “21st century battlefield” [23
], issuing alarming warnings that the cybercrisis caused by a rising dependence on information technology could easily escalate into a “new pandemic” [24
2. Review of the Scientific Literature
Teleworking, taking into account the continuous changes in the business arena, is becoming a topic of interest in theory and in practice, due to the wide-ranging implications of this concept, from the organizational, legal, educational, economic, and sociological standpoints. In such circumstances, cybersecurity is gaining importance as a global business, and private interactions mostly take place in a digital environment. The state of play in the field of teleworking is predominantly based on studies evaluating efficiency and flexibility, potential cost savings, the feasibility of remote work tasks, ways of organizing working hours, the availability and adequacy of communication technologies for remote workers, and job satisfaction and work life balance (WHB). Despite theoretical efforts over the past decades, the literature has failed to provide a sufficiently substantiated justification for the under-representation of teleworking in the pre-pandemic period [25
]. The revival of research enthusiasm for researching this concept is unequivocally the result of the COVID-19 outbreak, thus creating a striking line of demarcation in theoretical studies between the period before and after the pandemic.
In that sense, the most significant pre-pandemic theoretical achievements for the development of current research are reflected in the identification of the characteristics of the modern dominant model “telehomeworking” [26
], and in indicating the potential of the “digital transformation of labour” [28
] as a catalyst of an expansion in remote work. Despite obvious differences in the emphasis on different segments of remote work, research from both periods share the same starting point, expressed in the view that the efficiency of teleworking is the result of three key factors: the employee, the organization, and society [29
While during the pandemic remote work became for many organizations the only way to maintain business continuity and consequently the ultimate measure of their efficiency, the scientific scene in the previous period differed significantly in opinions. Thus, a number of authors held the stance that teleworking has a positive impact on boosting the efficiency of organizations [30
], while the standpoint of others was that there is no direct link, since the job performance of employees in the context of flexible working arrangements depends on a number of factors: employee commitment [34
], organizational support [35
], turnover intentions [36
] and work-to-family conflict [37
]. A certain amount of empirical evidence speaks in favour of the negative implications of telework on the efficiency of the organization, especially the risk of miscommunication that occurs as a result of narrowing employee interaction, delayed responsiveness, reduced creativity and responsibility, along with the risk of freewheeling [39
]. On the other hand, it is precisely these circumstances that some authors perceive as an additional incentive for employees to prove their commitment to work tasks outside working hours [40
]. Some studies look at the correlation between efficiency and teleworking through the prism of the nature of the job, emphasizing that employees “who held complex jobs, for those in jobs involving low levels of interdependence and for those in jobs with low levels of social support, the extent of telecommuting had a positive association with job performance” [41
The pandemic-led renaissance of teleworking has led to a radical paradigm shift in employees in terms of their efficiency in a range of diverse activities. Forecasts after the abolition of physical distance measures highlight the increased readiness of employees to reorient from the conventional work environment by intensifying telehomeworking [42
], reengineering office routines [43
], and transitioning to the concept of “hybrid offices” as a kind of symbiosis of the office and working from home. In addition, employers have seen a decline in traditional skepticism about the effectiveness of flexible working arrangements due to their positive effects during the pandemic, the rationalisation of time, and reductions in operating costs [14
]. The view of increased productivity due to remote work has long been advocated for in the literature [45
] and is explained by a causal link with job satisfaction and work life balance that leads to better work performance [46
However, despite the almost daily expansion of the list of benefits of teleworking, this concept should not be glorified. There are authors who warn of the illusory flexibility of teleworking [49
], emphasizing the negative social implications of overlapping the home as a specific social space with the place of work [50
], and the “extensification of work” due to the unification of the private and business spheres [51
]. In addition, attention is drawn to the negative implications of home teleworking on the health of employees [53
]. Recent studies also raise the issue of the impact of teleworking on career development in terms of limited opportunities for advancement [54
A significant number of studies highlight a direct positive link between teleworking and the use of information technology in the context of increasing employee autonomy [55
]. Yet the greatest danger, in the context of teleworking, is the issue of data protection mechanisms, due to the reluctance of many organizations to provide an adequate defence response to a sudden wave of cybercrime [55
]. Although the issue of cybersecurity has only become a focus of research recently due to the new circumstances, the literature even before the pandemic highlighted the increased information vulnerability of organizations with regard to teleworking [58
]. While digital transformation has previously been popularized as a determinant of organizational efficiency and competitive advantage [60
], it was only by acquiring the role of the hero of the pandemic that it has gained paramount importance. The fourth industrial revolution is pushing companies to develop highly innovative business strategies in order to stay competitive in the marketplace [61
]. The recontextualization of the work environment has also imposed new challenges on all organizations [63
], almost reciprocal with the benefits it brings. This is evident in the domain of risk management when it is taken into account that “in the knowledge economy, knowledge risk represents a major factor in achieving organizational performance” [65
]. Namely, the limited ability to monitor remote workers and the security disproportion between servers within organizations and the broadband networks through which employees connect from home cause additional risks of information leakage, especially in the service and public sectors [54
]. In addition, the ubiquitous phenomenon of the digital gap between employees represents a threat to the digital information security of organizations [67
], as they may fail to recognize the necessity of investing in human capital in order to overcome this problem [69
]. For this reason, the importance of education in the field of cybersecurity and the need for its introduction into regular curricula, with the aim of acquiring the necessary competencies in accordance with the forthcoming changes in the labor market, are increasingly emphasized [72
While recent research points out that “well-designed telework arrangements can support development policies” [73
], cybersecurity has for some time been characterized as “an essential sustainable economic development factor” [74
] and “a core need for providing a sustainable and safe society” [75
]. However, despite the extensive literature to date in this area, it should be noted that it treats remote working as isolated from cybersecurity issues, while the cross-section of their interactions is still unexplored territory. The COVID-19 crisis has brought this phenomenon closer than ever, and has imposed on the academic and professional public the need to study their convergence as soon as possible, as this is a new and increasingly important determinant of the sustainability of organizations. Namely, pioneering efforts to investigate this convergence have led to the conclusion that despite the rapid adaptability of many organizations to the mass transition to teleworking, many of them have failed in the task of maintaining digital information security due to a lack of technical capacity, failure to meet minimum safety standards, poorly configured home ICT devices [75
], rising cybercrime rates, lack of education, and gaps in employee digital literacy [76
]. The reason for this lies in the fact that the new business reality was imposed in the form of a firefighting measure to extinguish an escalating fire so that practical solutions were implemented before the theory could examine all their implications. In this sense, the intention of our study is to emphasize to the academic community the need to critically consider teleworking as a growing cybersecurity risk in order to accurately identify necessary security adjustments in virtual offices.
4. Materials and Methods
The empirical aspects of our study consist of constructing latent variables that correspond to different elements of employee perception, both in terms of organizational efficiency and organizations’ vulnerability to the digital information security threats of teleworking during the COVID-19 pandemic. Multiple observed variables were used and the structural equation model (SEM) was formed in order to investigate the causal relationships amongst the factors.
The SEM is a well-known multivariate analysis model that provides robust use in social sciences [80
]. It is notably useful in testing theories that contain multiple equations involving dependence relationships [82
]. The model is most often used as a confirmatory technique, but it can be used for exploratory analysis as well [83
]. We evaluated the structural equation model by the maximum likelihood estimation method with an R package. Thus, all calculations were done with the R package, including the reliability analysis prior to the SEM.
The reliability analysis showing whether the data is appropriate for the SEM should precede the formation of the model. We calculated the Kayser–Meyer–Olkin (KMO) measure of sampling adequacy and Bartlett’s test of sphericity. The results are presented in Table 1
. The lower limit of the KMO of acceptability for the analysis was 0.6 [84
]. Since the KMO was 0.93, we found that the chosen data set was adequate for further multivariate analysis; therefore, we were more than satisfied with the result obtained, and the whole set of variables remained for the multivariate analysis of construct interrelations.
The null hypothesis of Bartlett’s test of sphericity implies the correlation matrix is identical to the identity matrix. Bartlett’s test of sphericity should be statistically significant, i.e., p
< 0.05. If the p
-value obtained is larger than 0.05 or 0.01, the null hypothesis is accepted and it means that the correlation matrix is not significantly different from the identity matrix, so the multivariate analysis has no sense in that case. As can be seen in Table 1
, the Chi-square statistics were large enough to reject the null hypothesis (p
-value < 0.001), so the chosen variables were adequate for multivariate analysis and the SEM.
Data Collection and Data Description
The authors developed a form of questionnaire according to defined research questions. A pilot survey which was carried out in order to examine the validity of the content of the questionnaire was conducted on 30 employees (15 each from the public and private sectors), in the period from 1 to 5 February 2021. Based on their suggestions, the final form of the questionnaire was prepared. The questionnaire was prepared in the Montenegrin and English languages, and its final form was distributed online over a period of seven days (23 February to 3 March 2021). Because of the epidemiological situation during the period of data collection (COVID-19 response measures were in force in Montenegro), the data were collected through the online tool Google Forms, and the survey link was distributed via e-mail to employees in businesses and public administration using publicly available data and registers e-mail registers. Therefore, the survey covered employees from the whole of Montenegro without applying geographical segmentation, although it should be noted that economic activity in Montenegro is concentrated predominantly in the central region; hence, the largest number of respondents come from the central region. The response rate was 24.5% and the total number of completed questionnaires was 1101. Even though questions of the representativeness of the sample and the potential inability to make general conclusions can be raised, it can be said that the number of respondents is significant, especially because, according to the Statistical Office of Montenegro—Monstat, there were as many as 219.4 thousand employees in Montenegro in 2020 [85
Regarding the type of organization, 46% of respondents were from the public sector, 46.7% were from the private sector, 5.8% were from NGOs, while 1.5% were from political parties (Table 2
). In terms of the size of the organization, 56% of respondents belonged to the category of employees in small enterprises, 25.2% to medium and 18.8% to large ones. The three most represented activities were: state administration (15.8%), education (11.2%) and trade (10.7%). Both sexes were symmetrically represented (50.3% women and 49.7% men), while in terms of age structure the category between 31–40 years (40.2%) prevailed, followed by 21–30 years (32.6%), 41–50 (15.6%), 51–60 (7.5%), and ages up to 20 (3.2%) and over 61 (0.8%). Regarding work experience and the years of service of employees who participated in the research, 32.9% of respondents were from the group with up to 5 years of service, 24.4% were from the group with between 6–10 years of service, 19.3% were from the group with between 11–15 years of service, 10.2% were from the group with 16–20 years of service, and 13.2% were from the group with over 21 years of service. The structure of respondents was dominated by higher education (67.1%), followed by post-secondary non-tertiary education (18%), while 14.3% of respondents reported that they have secondary education.
Telework was measured using two variables: Teleworking before the COVID-19 pandemic (T1), and Teleworking during the COVID-19 pandemic (T2). Respondents rated their agreement with a statement asking whether their organization practiced teleworking before and during the COVID-19 pandemic on a 5-point Likert scale, and all items were positively worded: (1) never, (2) almost never, (3) sometimes, (4) relatively often, and (5) often. As can be seen from the data in Table 2
, most respondents (about 80%) had experienced working from home during the pandemic, which gives a favorable light to the analysis. The percentage of respondents who had never had the opportunity to work remotely before the pandemic was much higher (48%), and due to the pandemic this percentage decreased to 20%. Hence, we can say that the analysis is a useful contribution of the perceptions of such respondents, because for the first time they encountered such work, especially since this event came unexpectedly and brought companies into a situation of unpreparedness and rapid adaptations.
The sector is a variable that shows the activities of the organization of the respondents. The sector includes the following activities: agriculture, forestry, hunting and fishing, industry, construction, mining, manufacturing, transport, trade, tourism, catering, services, education, health, culture, police, science, army, public administration, and others. It is scaled from 1 to 20, respectively.
Organizational efficiency perceptions were formed by 3 variables: Impact of teleworking on the efficiency of the organization before and during the COVID-19 pandemic (OEP1 and OEP2, respectively), and the ideal organization of work (regardless of the pandemic (OEP3). Scales for the first two variables, OEP1 and OEP2, were as follows: (1) Teleworking significantly reduces the efficiency of the organization; (2) Teleworking slightly reduces the efficiency of the organization; (3) Teleworking is just as effective as office work; (4) Teleworking slightly increases the efficiency of the organization; (5) Teleworking significantly increases the efficiency of the organization. OEP3 was scaled as follows, in favour of teleworking: (1) exclusively office work; (2) predominantly office work; (3) equal working hours distributed from the office and remotely; (4) predominantly teleworking; (5) exclusively teleworking.
Risks of teleworking consisted of four variables, ROT1 to ROT4, which are named in Table 3
. Cyber-attack changes had five variables, CC1 to CC5, as can be seen also in Table 3
. All variables incorporated into these two constructs, Risks of teleworking and Cyber-attack changes, were scaled by: (1) totally incorrect to (5) totally correct. Cyber-attack response capabilities were formed based on four variables, CRC1 to CRC4, which are listed in Table 3
. These four variables were scaled as follows: (1) poorly; (2) satisfactory; (3) good; (4) very good; (5) excellent.
Perceptions about the key challenges related to digital information security included the following constructs: The most vulnerable entry points (variables MVEP1 to MVEP5), Information exposure (IE1 to IE5), Disruption of digital information security (DISD1 to DISD5), and Cyber security (CS1 to CS5). All those variables were scaled on a Likert scale: (1) totally incorrect to (5) totally correct. The same stood for the construct named Key challenges (KC1 to KC5).
Descriptive statistics of the variables used with a reliability analysis of data are shown in Table 3
. The reliability coefficients (Cronbach alpha) are presented in the last column of Table 3
. Obviously, the coefficients for all groups of variables have excellent values [82
5. Results and Discussion
The constructs developed were modelled together to empirically estimate the conceptual framework presented in Figure 1
. Thus, a confirmatory SEM analysis was conducted in this phase. The results of the estimated model were further confirmed by evaluating fit statistics, and are presented in Table 4
. Namely, Steiger [86
] noted the root mean square error of approximation (RMSEA) with a value less than 0.07 indicated a good fit. Moreover, Kline [87
] denoted 0.1 as the upper acceptable boundary of the RMSEA. The guidelines for the Comparative fit index (CFI) and the Tucker–Lewis index (TFI) were found at Hair et al. [82
]. These authors stated that when dealing with a more complex model (number of variables used is larger than 30), the acceptable goodness-of-fit is above 0.90 for the CFI and TFI. Since we had 44 observed variables in our model, we recorded quite good results, and all fit statistics were in an acceptable range. More specifically, the root mean square error of approximation, the comparative fit index and the Tucker-Lewis index of model fit all met the required thresholds.
Examination of the SEM estimation results revealed numerous significant relationships at the 5% level. Table 5
presents non-normalized and normalized path coefficients.
The procedure for estimating the unstandardized path coefficients implies a reference variable to be assigned to each latent construct. Thus, in Table 5
it appears the unstandardized path coefficient is constrained to equal 1. In this respect, the latent variable is measured in the same way as that reference variable. The results presented in Table 5
reveal that the endogenous construct (teleworking) has a positive and significant impact on actual Organizational efficiency perceptions (standardized path coefficient is 0.572). The variable Sector has a statistically significant but not very strong positive impact (0.090) on Organizational efficiency perceptions.
Our results regarding the significant positive impact of teleworking on organizational efficiency support the results obtained by many authors [82
]. For example, some studies showed that teleworking can increase employees’ productivity, along with having other impacts on job engagement and job performance [93
]. Similarly, Bhat, Pande, and Ahuja [95
] demonstrated key factors in virtual team effectiveness (virtual is equal to remote work). In contrast, some research shows a negative impact of teleworking on organizational efficiency in a way that causes a decline in employee motivation and productivity [96
], as well as a weakening of work self-discipline, which consequently endangers the economic viability of the organization [73
]. The results of our research additionally contribute to the literature because they confirm that working from home contributes to work efficiency even in a condition like the global pandemic, when certain jobs were forced to be performed remotely.
The standardized coefficients presented in Table 4
suggest that in predicting digital information security, key challenges’ perceptions related to digital information security (0.903) are the strongest predictor of the six constructs and one variable (sector). This estimate suggests that perceptions of key challenges related to digital information security have a relatively strong effect on digital information security in conditions of pronounced teleworking during the COVID-19 pandemic. The standardized coefficient for the key challenges/digital information security (0.699) constructs implies that the key challenges (Lack of employee education on cyber-attack protection mechanisms, Lack of IT staff, Lack of technical capacity, Lack of awareness of the seriousness of cyber risk, and Lack of financial resources) are the second strongest predictor of digital information security. The third strongest predictor of digital information security is the construct Cyber-attack changes (0.530). The risks of teleworking construct is the lowest of the six constructs in terms of affecting digital information security, where the standardized coefficient is 0.068. The results also show that the effect that teleworking has on actual digital information security is not statistically significant, since the p
-value corresponding to its path coefficient exceeds 0.1 (0.187). The results also show that the effects that the first three predictors (Key challenges’ perceptions related to digital information security, Key challenges and Cyber-attack changes) have on actual digital information security are very strong, as the standardized coefficients for these effects exceed 0.5.
These results are in line with similar studies. Like Georgiadou et al. [79
], our research reveals that human factors as a core sector of cyber security are still not accepted and not well recognized, even in the context of this pandemic. The Montenegrin employees rated lack of employee education, lack of IT staff, lack of technical capacity and lack of awareness of seriousness of cyber risk as key components that challenge the digital information security of their work organization. Evidently, most of the organizations analysed were not adequately equipped with the IT mechanisms needed to enable their employees to work remotely [97
]. Furthermore, cyber-attack changes, as a strong predictor of digital information security, have become more frequent and sophisticated during the pandemic, as evidenced in recent studies [78
]. Since risks of teleworking showed the least impact (path coefficient of 0.068) in predicting digital information security, we can say that Montenegrin employees do not recognize adequately enough the threat of phishing email scams, the possibility of infecting their devices with malware, cyber-criminals’ easier access to confidential data, etc. Existing literature about cyber security during the COVID-19 outbreak is still scarce, but there are a few studies that emphasize the resilience of current technology within employers’ existing cyber infrastructures [98
Regarding the construct Perceptions of key challenges related to digital information security, we investigated the impact of four latent constructs on these perceptions. The most vulnerable entry points (PC and smart phone, Cloud systems, Web server, portable memory storage devices (USB, etc.) and Router) have the strongest impact, measured by a standardized path coefficient of 0.853. Afterwards, the Information exposure construct is the second strongest predictor of Perceptions of key challenges related to digital information security, with a standardized path coefficient of 0.835. Finally, the Cyber security construct is the lowest of the four constructs in terms of affecting Perceptions of key challenges related to digital information security, but has the strongest impact where the standardized coefficient is 0.663. Therefore, as Pranggono and Arabo [98
] have stated, employees are aware of vulnerable entry points, and it is important to physically protect home office devices. In circumstances where the threat of cyber-crime is more prevalent than ever, organizations are forced to put the software, policies and tools in place that can ensure business continuity and safeguard against the threat of ransomware [101
]. In order to promptly identify and overcome cyber threats, it is necessary that all employees are engaged because cybersecurity risk management is increasingly becoming a vital factor in the security of organizations [75
represents the covariance between two constructs: Organizational efficiency perceptions, and Digital information security. The covariance was found not to be significant. This result implies that perceptions about organizational efficiency and perceptions about digital information security are not interrelated. This is a good aspect for our research, since we have conceptually separated these two types of perceptions, and based on the pilot research, formed the correct conceptual scheme of the model, with the links presented in Figure 1
. However, the exact form of this relationship in theory is uncertain, since, to the best of our knowledge, there has been no similar empirical study to date.
Therefore, the main findings of the research are the following: teleworking has no impact on digital information security; teleworking has a positive and significant impact on organizational efficiency perceptions; finally, perceptions of key challenges related to digital information security have a relatively strong effect on digital information security. Based on the research, we emphasize these key findings and implications in the form of recommendations for practitioners:
Because we have shown that teleworking has no significant impact on digital information security in this analysis, and have thus rejected our hypothesis H1, our conclusion is that the current state of employees’ perceptions of the importance of digital information security has not improved much, even in the conditions of the COVID-19 pandemic. Work organizations, not only in Montenegro but worldwide, should insist on cyber security training and raising awareness of these issues. Namely, many organizations obviously had not prepared their staff for this unexpected transition to remote work. That is why employers should make particular efforts to ensure their employees have an adequate awareness of the cyber security policies and practices within their workplace [99
]. Hence, raising cyber security awareness among employees by constant training and education is important to reduce the risks of cyber-attacks on an organization;
Teleworking has a positive and significant impact on organizational efficiency perceptions, which proves the second research hypothesis, H2. Hence, work from home can be beneficial for both employers and employees [77
]. This suggests that teleworking can serve as an alternative to office work even after the COVID-19 pandemic, and businesses should embrace this new working reality. This is especially true for jobs that have proven to be feasible remotely, such as financial work, business management, and professional and scientific services [102
]. This recommendation is also in line with a number of results in the existing literature that highlight the benefits of working from home for employees, such as the flexibility of employees’ working time and place of work, allowing them to balance work and private life [103
Proving that the third research hypothesis was correct, we have showed that perceptions of the key challenges related to digital information security have a relatively strong effect on digital information security. The Montenegrin employees were aware of the fact that all work devices should have strong endpoint protection measures to secure working infrastructure. When dealing with information exposure, employers should implement a company-wide policy regarding back-up servers and saving documents and data to a secure area, in order to protect business data [101
]. Furthermore, it is essential to have the appropriate, latest-generation software that can respond adequately to the threat of serious cyber-attacks caused by malware, so organizations can proactively avoid and reduce cyber-related risks. The fact of great importance that the research has shown is that employees in a relatively small and still developing country have a well-established attitude about the importance of working in a digitally secure environment.
It is certainly useful to examine these results in more detail. Namely, it is important to investigate whether the answers regarding organizational efficiency differed significantly among respondents who did not have experience working from home during the pandemic, from those who worked remotely, especially due to the fact that all the data were perception based. Simply put, as people working from home felt comfortable and able to better reconcile work with family responsibilities, it is possible that there was bias in their responses to the organizational efficiency assessment (because that assessment is subjective). The same applies to digital information security perceptions. This can be established by the analysis of variance (ANOVA). Namely, the SEM model in this case cannot be evaluated separately for respondents who did not have teleworking experience during the pandemic (labeled by 1 in variable RT2), on the one hand, and for those respondents who had that experience (labeled by 4 or 5 in variable RT2), on the other hand, due to the very nature of the model. Such a matrix would not be positively definitive due to small deviations, if any, in the crucial variable RT2 (Teleworking during the COVID-19 pandemic). Therefore, we conducted an ANOVA test in order to examine those possible differences among the five modality groups of variable RT2 (1) never, (2) almost never, (3) sometimes, (4) relatively often, and (5) often practised teleworking during the COVID-19 pandemic). The main variables that we chose to examine were regarding organizational efficiency perceptions (OEP1, OEP2 and OEP3) and variables regarding digital information security perceptions (cyber security, in particular, CS1 to CS5; the same can be showed for the rest of the variables used).
The initial hypothesis of the ANOVA test states that the expected values of the variables examined for the respondents who had different levels of experience of teleworking during the COVID-19 pandemic (variable RT2) would be the same. Based on the results of the ANOVA tests presented in Table 7
, it is noticed that there is a certain value of deviation of the average value of the variables per level of the variable RT2 compared to the common average value of the variables for all respondents. The calculated value of F statistics, presented in Table 7
and obtained by applying the factor-residual variance, and the associated probability, indicated that for each variables examined, it is necessary to reject any assumption of the equality of the expected values of the variables regarding organizational efficiency perceptions (OEP1, OEP2 and OEP3) and the variables regarding digital information security perceptions (for example CS1 to CS5), which were measured for groups of respondents with different levels of experience of teleworking during the pandemic. The level of significance, which is made by the rejection of the null hypothesis of the F test, is less than 5% for each variable. Post hoc analysis of Tukey’s test, presented in Appendix A
), revealed there were basic differences of assessments in all variables among certain groups, especially among those who were not teleworking (labeled by 1 in variable RT2) and those who were often or relatively often teleworking (labeled by 4 or 5 in variable RT2). Hence, we have to be cautious when making conclusions regarding the research results.
The main shortcomings of our paper are that organizational efficiency is evaluated on the basis of a subjective category (perception). Therefore, the recommendation for future research is to include some objective assessment of organizational efficiency. Further, the target group of respondents should include only the employees who had a pronounced experience of teleworking, so that the time spent working remotely is scaled as a time interval. We strongly believe that these preliminary steps would provide more reliable results, especially regarding the nexus between teleworking and work efficiency.
Empirical studies conducted in the period before the pandemic came to different results regarding the impact of teleworking on perceptions of organizational efficiency [31
]. In that sense, there is agreement in the literature only with regard to the main identified determinants that affect the correlation between teleworking and organizational efficiency (flexibility of work arrangements, employee autonomy, reduction of operating costs, risks of miscommunication, coordination of business activities, possibility of supervision and organizational support), while the assessment of their impact differs significantly. For example, despite the widely held view that the flexibility of teleworking has a positive impact on efficiency gains, some empirical evidence shows a decline in productivity, due to the merging of the private and business spheres [51
]. However, the COVID-19 pandemic has resulted in a radical paradigm shift both in the domain of the perception of organizational efficiency and in the very way of organizing teleworking, which went overnight from an alternative concept to the predominate way of functioning. Bearing in mind that in the pandemic period, teleworking’s introduction came suddenly and en masse
, there is a striking distinction in relation to the previous voluntary, pre-planned, organized and work-adapted forms of remote work arrangements. In that sense, the essential problem of the rapid expansion of teleworking in the COVID-19 era is its incompatibility with certain sectors and competencies of employees. Namely, teleworking has traditionally been associated with narrowly defined activities whose nature allowed the smooth organization of work in this way (IT, financial services, scientific activities, real estate [104
]), as well as with highly qualified categories of employees—white collar workers [105
]. In addition to the type of activity, the efficiency of teleworking largely depends on the size of the organization, since numerous studies have shown a greater degree of its application in large organizations [106
]. On the other hand, pandemic teleworking was rapidly introduced, which had a negative impact on the efficiency of certain activities. For this reason, the issue of teleworkability as a vital indicator of the impact of the pandemic on teleworking efficiency has begun to be considered in the literature [107
]. According to the latest assessments, sectoral teleworkability mostly depends on the number of physical handling tasks, since teleworking is not only inefficient, but also inapplicable to a number of professions (firefighters, agricultural producers, medical staff, etc.) [106
]. The high level of teleworkability is closely related to the degree of digitalization of certain activities, i.e., the technical feasibility of work tasks through modern technologies. Nevertheless, although technological innovations are regularly glorified as basic generators of flexible working arrangements [52
], the pandemic has also shown their negative implications on employee productivity. Namely, increased dependence on IoT and exposure to cyber risks, being flooded with unnecessary information, difficult business communication, together with limited supervision and coordination of business activities have been perceived as essential factors in the decline of organizational efficiency during the pandemic [105
While the pandemic has imposed teleworking as the ultimate way to maintain business continuity during emergencies, a growing body of research speaks in favour of its further expansion in the post-pandemic period [110
]. Although analyses of its positive and negative aspects provoke sharp and divided attitudes, we should not lose sight of the fact that teleworking, like any artifact, cannot in itself have an unambiguous attribute of good or bad, but must be viewed through the perspective of its application. Given that digital technologies have played a crucial role in establishing vital workplace links during the pandemic, it is logical to expect that the further spread of teleworking will take place simultaneously with their unstoppable development: “Digital assets result in the digitalization of processes, which go beyond the digitalization of information, resources, value creation and revenue growth” [113
]. With that in mind, it is more than clear that digital and flexible work patterns are becoming an imperative of the new age. To prepare for the increased prevalence of teleworking, timely and comprehensive consideration of cybersecurity is essential. Given the conspicuous potential of cyber-attacks in the achievement of economic, political, and military goals [114
], their expansion is inevitable in the years ahead. The reciprocal correlation of teleworking and the escalation of cyber-attacks imposes the need to develop innovative defense mechanisms in organizations by investing in information infrastructure, along with the continuous education of employees in order to help them adopt a set of digital skills. Anticipation of future work dynamics leads to the conclusion that the degree of resilience to cyber risks and the flexibility of work arrangements will become one of the key determinants of the efficiency of organizations in the era of the digital revolution.
The conducted research has several limitations, which can be the starting point for future research. Primarily, the research covers a large number of unrelated activities, so it does not provide a comparative overview of the degree of representation of teleworking and the key challenges in terms of cybersecurity of individual activities. Bearing in mind that there is a significant disparity between certain categories of activities with regard to their efficiency of teleworking and exposure to cyber-attacks, we believe that future studies should go in the direction of accurately identifying the specific needs of individual business domains. In addition, the relevance of the results achieved is influenced by the personal beliefs and preferences of employees, as well as the present scepticism towards expressing views on sensitive issues related to the most vulnerable links of their organizations’ information security systems. An important factor is the level of information literacy, as a result of which some terminologically more complex questions could be misunderstood by the respondents, which also calls into question the adequacy of the answers obtained. Also, the research was done on the example of Montenegro, and although it is a significant sample in proportion to the number of inhabitants, it should be borne in mind that this is a small country in which the process of digital transformation has been quite slow. In this regard, it would be particularly interesting to conduct a similar study in a more technologically developed country in order to obtain a comparative overview of the situation in the field of teleworking culture and their cybersecurity implications.