Your company likely made many quick decisions back in March 2020. As an IT leader, you provided the tools employees needed to stay productive while working remotely. It had to happen now or sooner.
Your team made it possible for the business to continue moving forward during the pandemic. It was not easy. But you got the right tools onto the network and into employees’ hands to keep things running. You kept your company safe and productive.
But now, companies like yours are realizing that some of the decisions that were the best move to make two years ago need to be revisited. The same tools that made it possible for teams to work together, create and deliver for the past two years may also be causing privacy issues for your employees and your organization.
What about privacy changed during the pandemic?
Privacy concerns can affect employees. A survey from F-Secure found that 67% of remote workers said that they were worried about security and privacy. That’s compared to 58% of other workers. In addition, 70% worry that their internet-connected devices could lead to a breach of their privacy. When employees are not concerned about privacy, they are more likely to focus on their tasks and be more productive.
However, remote work brings security challenges. In fact, a Forrester report found that 67% of cyberattacks on businesses were targeting remote employees. Risks have increased over the past two years due to remote working.
Now is the perfect time to pause and look at your current set of tools and tech. Are they the best choices for your company? Here are three types of technologies to take a look at with fresh eyes from a privacy perspective.
Privacy concerns with employee surveillance software
Many companies were not comfortable with the idea of employees not being on-site to ensure they were really working. So, they turned to employee surveillance software. This type of technology can be installed on company-provided devices, often without the employees’ knowledge or permission depending on the state. It captures a wide range of information, including recording voice conversations, taking pictures of the employee’s screen and recording video.
Harvard Business ethics professor J.S. Nelson told TODAY that during the move to remote work due to the pandemic, sales of employee workplace surveillance software more than tripled. Employees who worked at a company with more than 500 employees were likely to have some kind of surveillance software installed on their devices. However, employees are concerned about this level of tracking. They also worry attackers could steal private information during a data breach.
Using other methods to ensure productivity
In general, remote work doesn’t hurt productivity. University of Southampton’s Work After Lockdown study asked workers about their productivity working remotely from July 2020 to December 2021. 90% of the employees rated their productivity as either the same or higher while working remotely. Additionally, 54% rated it as higher than before the pandemic.
Instead, companies shifted to a culture where they measure employees on completion and quality of their work instead of time in their seats. They can continue this level of productivity without monitoring. Companies who installed this technology during the move to remote work should take another look at the need both in terms of privacy and employee satisfaction.
Maintaining security while complying with privacy rules
Meeting both cybersecurity and privacy concerns has always been a tough challenge. The difficulty has only increased with the move to remote or hybrid work models. What else can employers do that doesn’t involve employee surveillance software? Instead, use technology that increases cybersecurity by reducing vulnerabilities.
Here are three ways to meet the often-conflicting needs of the two demands:
- Segmenting employees’ home networks. Segment home networks between work and personal devices. This approach reduces the impact of a breach. After all, if an attacker breaches a personal device in the home, the virus cannot spread to work devices and then the work infrastructure. This also reduces the visibility that the company has into the employees’ personal devices and networks. After all, the person doesn’t access them on the same network.
- Implement a zero trust approach. By moving to a zero trust approach, you can more effectively protect remote workers. Yesterday’s approach was meant for a designed perimeter, but zero trust uses different technologies and strategies. It operates on the principle that all access requests are not authorized until proven otherwise. Organizations that use micro-segmentation as part of their zero trust framework also limit the impact of a breach. Their employees only have access to the area of the network they need for business purposes.
- Use identity and access management (IAM). The 2021 IBM Cost of a Data Breach found that compromised credentials continue to be the most common initial attack vector. By using IAM, which is the cornerstone of zero trust, you can focus on controlling access to the network instead of trying to control the perimeter. IAM uses machine learning and artificial intelligence to understand a user’s typical patterns, such as behavior, browser type and device. The tools create risk scores when odd patterns emerge.
Many employees blend work and personal life, even more, when working remotely. This may be good for productivity and satisfaction. However, this shift makes it even harder to balance privacy and cybersecurity. Plus, the first priority still needs to be keeping employees as productive as possible. With the trend for increased hybrid work, companies can strike this balance and create a positive path forward.