The remote work trend does not show signs of stopping. According to survey data from KPMG that investigates the work experience post-COVID-19, 68 percent of large company CEOs plan to downsize office space, moving more workers to remote positions. This represents a significant transition in the ways people will view the workplace and the fundamental nature of work. It blurs the work/life divide, but also brings better balance, productivity, and more connections with family. It also comes with cybersecurity risks, as workers chat, access and create files, and communicate with customers from remote technology tools. TechRadar reports 90 percent of data breaches are caused by human error. Adding remote work to this equation means companies must adjust their practices if they want to enjoy the cost savings of remote environments without the cybersecurity risks.
The Need for Empathetic and Complete Training
Companies need to project their data, but also must manage remote workers with empathy and support. Some people now working from home spent the previous 20 or more years in a traditional office setting. Now they are confronted by all the distractions of home, such as kids struggling with distance learning, or loud neighbors. It’s a different dynamic, one with multiple stressors and pressure points that might cause employees to make mistakes, such as sending corporate data to the wrong person. Or an employee might accidentally use their personal email account to communicate with coworkers, instead of utilizing their corporate security-protected email.
Training for remote workers is vital to decrease the risks of data breaches and exposure, and to improve employee morale and productivity. Employees want to protect their employers and their own jobs, so they are eager for advanced training that provides them with structure and best practices. The training should cover the expectations for employees, in terms of usage of corporate VPNs and company-provided computers. And it should provide employees guidance on threats they might encounter, such as phishing schemes pretending to offer COVID-19 information. There are also “smishing” schemes that happen through text messaging, where the recipient is tricked into providing sensitive information. Employees need visual examples of these threats, as well as basic cybersecurity tips. This could include directions for password strength and security, avoiding use of thumb drives, not using unsecured Wi-Fi connections, and logging off network connections when the computer is unattended.
Employee training should also detail the risks with internet searching. Remote employees are more likely to visit questionable sites and content, which exposes them and their employer to malware. Companies can respond by pushing employees towards safe-search and communication platforms such as GOFBA that use proprietary technology to block sites containing pornography, violent imagery, and known malware.
The KPMG survey encouragingly found 91 percent of remote workers noted their employers provided them with some technology tools to help them do their jobs. However, gaps remain.
A consistent risk with remote work is known as “shadow IT.” This scenario involves employees using applications and services that are not approved by their corporate IT departments. Choosing these tools is not typically done with malicious intent, the user is leveraging familiar technology that helps them do their jobs more quickly and effectively. Examples include using WhatsApp to communicate with colleagues or using public cloud storage to share corporate documents instead of using the company’s private cloud. With WhatsApp, employees are sharing confidential content and discussing proprietary company details through an unsecured channel. Companies should avoid these types of tools for organizational communication, and instead use services with enhanced security.
The ubiquity and low-cost of cloud-based tech means a remote worker can setup a cloud storage account in less than a minute. There are no technical barriers to this behavior, so employers should reinforce the security risks of shadow IT, as well as establish meaningful consequences for employees that break protocols.
Keeping an Eye on Employees
With remote work expanding into many sectors, companies will want to keep a closer eye on employees’ actions and productivity. There are multiple levels of monitoring, from checking when employees are logged in to live web camera feeds and keyboard logging. Employers will need to balance their need for protecting data and getting the most out of employees with privacy concerns and the effect monitoring might have on employee morale. As remote work becomes standard, more firms will see the need for less monitoring, as they instead focus on training.
The remote work shift will require dedicated efforts by employees and employers to find a balance that produces desired business results while also keeping data safe. This will mean providing the right technology tools and building a culture of mutual trust with employees.
About the Author:
Bill DeLisi is one of the world’s most authoritative experts on cybersecurity. He is currently the Chief Executive Officer, Chief Technology Officer and a founding member of the Board of Directors for GOFBA, Inc. DeLisi has more than 30 years of experience in the computer industry, including holding the position of Chief Technology Officer at several companies. He has worked closely with Microsoft Gold Certified Partners, helping pioneer “cloud” computing and creating security infrastructures that are still in use today. DeLisi is responsible for the development of proprietary technology that serves as the backbone of GOFBA’s platform and has over 30 certifications with Microsoft, Cisco, Apple, and others, which includes the coveted Systems Engineer with Advanced Security certification, as well as expert status in Cloud Design and Implementation.