Your company likely made many quick decisions back in March 2020. As an IT leader, you provided the tools employees needed to stay productive while working remotely. It had to happen now or sooner.

Your team made it possible for the business to continue moving forward during the pandemic. It was not easy. But you got the right tools onto the network and into employees’ hands to keep things running. You kept your company safe and productive.

But now, companies like yours are realizing that some of the decisions that were the best move to make two years ago need to be revisited. The same tools that made it possible for teams to work together, create and deliver for the past two years may also be causing privacy issues for your employees and your organization.

What about privacy changed during the pandemic?

Privacy concerns can affect employees. A survey from F-Secure found that 67% of remote workers said that they were worried about security and privacy. That’s compared to 58% of other workers. In addition, 70% worry that their internet-connected devices could lead to a breach of their privacy. When employees are not concerned about privacy, they are more likely to focus on their tasks and be more productive.

However, remote work brings security challenges. In fact, a Forrester report found that 67% of cyberattacks on businesses were targeting remote employees. Risks have increased over the past two years due to remote working.

Now is the perfect time to pause and look at your current set of tools and tech. Are they the best choices for your company? Here are three types of technologies to take a look at with fresh eyes from a privacy perspective.

Privacy concerns with employee surveillance software

Many companies were not comfortable with the idea of employees not being on-site to ensure they were really working. So, they turned to employee surveillance software. This type of technology can be installed on company-provided devices, often without the employees’ knowledge or permission depending on the state. It captures a wide range of information, including recording voice conversations, taking pictures of the employee’s screen and recording video.

Harvard Business ethics professor J.S. Nelson told TODAY that during the move to remote work due to the pandemic, sales of employee workplace surveillance software more than tripled. Employees who worked at a company with more than 500 employees were likely to have some kind of surveillance software installed on their devices. However, employees are concerned about this level of tracking. They also worry attackers could steal private information during a data breach.

Using other methods to ensure productivity

In general, remote work doesn’t hurt productivity. University of Southampton’s Work After Lockdown study asked workers about their productivity working remotely from July 2020 to December 2021. 90% of the employees rated their productivity as either the same or higher while working remotely. Additionally, 54% rated it as higher than before the pandemic.

Instead, companies shifted to a culture where they measure employees on completion and quality of their work instead of time in their seats. They can continue this level of productivity without monitoring. Companies who installed this technology during the move to remote work should take another look at the need both in terms of privacy and employee satisfaction.

Maintaining security while complying with privacy rules

Meeting both cybersecurity and privacy concerns has always been a tough challenge. The difficulty has only increased with the move to remote or hybrid work models. What else can employers do that doesn’t involve employee surveillance software? Instead, use technology that increases cybersecurity by reducing vulnerabilities.

Here are three ways to meet the often-conflicting needs of the two demands:

  • Segmenting employees’ home networks. Segment home networks between work and personal devices. This approach reduces the impact of a breach. After all, if an attacker breaches a personal device in the home, the virus cannot spread to work devices and then the work infrastructure. This also reduces the visibility that the company has into the employees’ personal devices and networks. After all, the person doesn’t access them on the same network.
  • Implement a zero trust approach. By moving to a zero trust approach, you can more effectively protect remote workers. Yesterday’s approach was meant for a designed perimeter, but zero trust uses different technologies and strategies. It operates on the principle that all access requests are not authorized until proven otherwise. Organizations that use micro-segmentation as part of their zero trust framework also limit the impact of a breach. Their employees only have access to the area of the network they need for business purposes.
  • Use identity and access management (IAM). The 2021 IBM Cost of a Data Breach found that compromised credentials continue to be the most common initial attack vector. By using IAM, which is the cornerstone of zero trust, you can focus on controlling access to the network instead of trying to control the perimeter. IAM uses machine learning and artificial intelligence to understand a user’s typical patterns, such as behavior, browser type and device. The tools create risk scores when odd patterns emerge.

Many employees blend work and personal life, even more, when working remotely. This may be good for productivity and satisfaction. However, this shift makes it even harder to balance privacy and cybersecurity. Plus, the first priority still needs to be keeping employees as productive as possible. With the trend for increased hybrid work, companies can strike this balance and create a positive path forward.

More from Risk Management

83% of organizations reported insider attacks in 2024

4 min read - According to Cybersecurity Insiders' recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising than this statistic is that organizations that experienced 11-20 insider attacks saw an increase of five times the amount of attacks they did in 2023 — moving from just 4% to 21% in the last 12 months.With insider threats on the rise, it’s critical for businesses to recognize the real dangers that originate from inside…

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today