More than half of work from home employees admit to risky behavior
Are your employees conducting risky business?
A recent report published by cyber security firm Tessian, found that 52% of employees feel they can get away with riskier behavior while working from home.
The study has some revealing trends that are a true indicator of the state of security with work from home employees. For example, the study highlights that work from home employees are willing to share confidential documents via email.
It appears that employees feel they are not being watched or scrutinized as heavily when working from home. This sense of freedom has a direct correlation to behavior that could result in a data breach.
Confidence or Carelessness?
Are employees being careless with your company data, or do they have a sense of confidence they are secure?
The answer to this question may not be a simple yes, or no. One thing is for sure, our sense of concern seems to decrease while away from the office. This doesn’t automatically imply that your employees are reckless. It highlights that our security policies and procedures simply have not been updated or modified to include the work from home environment.
One thing is for certain most employees behave different if they feel they aren’t being watched. And the employees may very well be correct, most companies have not decided how to handle the use of personal devices. Companies should take the initiative to implement monitoring of any device that is permitted to communicate with their local network.
Do not take this as legal advice, as I am not a lawyer, nor do I pretend to be one. But in order to protect you and your employee your company needs to tackle this privacy issue head on.
Don’t wait for a court to sort this out in the event your data is lost or stolen. Enforce your existing data protection and data privacy policies and amend them to include the work from home environment.
We are far enough along into the work from home world where it is time for companies to get back to the basics of IT security. Restart your security awareness training program, make sure your corporate anti-virus is set up on your employees work from home device. Run your audits and reports, and then analyze the results. What you find may frighten you but sweeping it under the rug is not good either.
This is no time to be indecisive or to procrastinate. There may be some reluctance from your employee if they are using their personal device. If you encounter this, your company will have to secure a device for them to use or finalize a plan both parties can agree to.
Virtual Desktops
Virtual Desktops may provide the perfect balance between remote work, and corporate control. With a Virtual Desktop, your security team can manage data access, ensure backups run and retain the control absent from most work from home solutions.
Virtual Desktops allow employees to work from anywhere. The flexibility virtual environments allow is ideal for both IT, and the employee. Many virtual desktop solutions do not require upfront hardware costs to implement, and can run through an application.
It’s not all on your employees.
Management has some of the responsibility when it comes to the security of your companies data. Tessian found that employees cut corners when pressured to complete their work quickly.
For some, this has involved using workarounds, and circumventing existing security protocols. It may be a good idea to survey your employees to find out what is working and what isn’t.
Take a closer look.
It’s time to examine your existing security protocols and procedures. What worked in the office, may not work well when it comes to employees working from home.
Look at your employee’s personal device. Are they running a tablet, a chrome book or even a Mac? Is the personal device shared, or not? These scenarios should be reviewed so you aren’t unintentionally leaving a security risk unaddressed.
Don’t leave your security unattended.
When is the last time you thoroughly reviewed your security policies, procedures and technology? Chances are you it’s been a while since you reviewed all three at the same time.
For most companies this is the first time they are having to deal with remote employees. By now you are living with the notion of employees working from their home office. Face it, this is the reality we are living in, and it may very well be some time before things change again.
There is never going to be a good time to review and modify your security policies. The summer may be the best time since people normally take vacations.
Use any lull you find and discipline yourself to perform a full review and audit. It doesn’t mean you have to spend money, but you will have to spend some sweat equity.