Your company likely made many quick decisions back in March 2020. As an IT leader, you provided the tools employees needed to stay productive while working remotely. It had to happen now or sooner.

Your team made it possible for the business to continue moving forward during the pandemic. It was not easy. But you got the right tools onto the network and into employees’ hands to keep things running. You kept your company safe and productive.

But now, companies like yours are realizing that some of the decisions that were the best move to make two years ago need to be revisited. The same tools that made it possible for teams to work together, create and deliver for the past two years may also be causing privacy issues for your employees and your organization.

What about privacy changed during the pandemic?

Privacy concerns can affect employees. A survey from F-Secure found that 67% of remote workers said that they were worried about security and privacy. That’s compared to 58% of other workers. In addition, 70% worry that their internet-connected devices could lead to a breach of their privacy. When employees are not concerned about privacy, they are more likely to focus on their tasks and be more productive.

However, remote work brings security challenges. In fact, a Forrester report found that 67% of cyberattacks on businesses were targeting remote employees. Risks have increased over the past two years due to remote working.

Now is the perfect time to pause and look at your current set of tools and tech. Are they the best choices for your company? Here are three types of technologies to take a look at with fresh eyes from a privacy perspective.

Privacy concerns with employee surveillance software

Many companies were not comfortable with the idea of employees not being on-site to ensure they were really working. So, they turned to employee surveillance software. This type of technology can be installed on company-provided devices, often without the employees’ knowledge or permission depending on the state. It captures a wide range of information, including recording voice conversations, taking pictures of the employee’s screen and recording video.

Harvard Business ethics professor J.S. Nelson told TODAY that during the move to remote work due to the pandemic, sales of employee workplace surveillance software more than tripled. Employees who worked at a company with more than 500 employees were likely to have some kind of surveillance software installed on their devices. However, employees are concerned about this level of tracking. They also worry attackers could steal private information during a data breach.

Using other methods to ensure productivity

In general, remote work doesn’t hurt productivity. University of Southampton’s Work After Lockdown study asked workers about their productivity working remotely from July 2020 to December 2021. 90% of the employees rated their productivity as either the same or higher while working remotely. Additionally, 54% rated it as higher than before the pandemic.

Instead, companies shifted to a culture where they measure employees on completion and quality of their work instead of time in their seats. They can continue this level of productivity without monitoring. Companies who installed this technology during the move to remote work should take another look at the need both in terms of privacy and employee satisfaction.

Maintaining security while complying with privacy rules

Meeting both cybersecurity and privacy concerns has always been a tough challenge. The difficulty has only increased with the move to remote or hybrid work models. What else can employers do that doesn’t involve employee surveillance software? Instead, use technology that increases cybersecurity by reducing vulnerabilities.

Here are three ways to meet the often-conflicting needs of the two demands:

  • Segmenting employees’ home networks. Segment home networks between work and personal devices. This approach reduces the impact of a breach. After all, if an attacker breaches a personal device in the home, the virus cannot spread to work devices and then the work infrastructure. This also reduces the visibility that the company has into the employees’ personal devices and networks. After all, the person doesn’t access them on the same network.
  • Implement a zero trust approach. By moving to a zero trust approach, you can more effectively protect remote workers. Yesterday’s approach was meant for a designed perimeter, but zero trust uses different technologies and strategies. It operates on the principle that all access requests are not authorized until proven otherwise. Organizations that use micro-segmentation as part of their zero trust framework also limit the impact of a breach. Their employees only have access to the area of the network they need for business purposes.
  • Use identity and access management (IAM). The 2021 IBM Cost of a Data Breach found that compromised credentials continue to be the most common initial attack vector. By using IAM, which is the cornerstone of zero trust, you can focus on controlling access to the network instead of trying to control the perimeter. IAM uses machine learning and artificial intelligence to understand a user’s typical patterns, such as behavior, browser type and device. The tools create risk scores when odd patterns emerge.

Many employees blend work and personal life, even more, when working remotely. This may be good for productivity and satisfaction. However, this shift makes it even harder to balance privacy and cybersecurity. Plus, the first priority still needs to be keeping employees as productive as possible. With the trend for increased hybrid work, companies can strike this balance and create a positive path forward.

More from Risk Management

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

How Paris Olympic authorities battled cyberattacks, and won gold

3 min read - The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions.In preparation for expected attacks, authorities took several proactive measures to ensure the security of the event.Cyber vigilance programThe Paris 2024 Olympics implemented advanced threat intelligence, real-time threat monitoring and incident response expertise. This program aimed to prepare Olympic-facing organizations…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today