Employees working from home may present a threat to cybersecurity

Dive Brief:

Employees working remotely are behaving in ways that make the company more susceptible to breaches, a May 28 study from Tessian said. And a separate study from Bitglass found that employers are ill-prepared to meet the enhanced cybersecurity needs that come with expanding remote work policies.
Tessian found that 48% of employees are less likely to follow safe data practices at home, and that 52% believe they can get away with riskier behavior. Over half said that security policies inhibit productivity, with younger workers more likely to feel that way. Survey respondents said they were less likely to follow safe data practices because they were using different devices, experiencing distractions at home and overall feeling less oversight from IT.
While most IT leaders trust their employees to do the right thing at home, 84% of IT respondents in the Tessian survey said data loss prevention is more challenging when employees are working remotely. The Bitglass survey of IT professionals found that companies are not able to do enough to expand and improve secure access to company systems. It found that 65% of organizations enabled personal devices for access to managed applications and named file sharing, web or SaaS applications, and video conferencing as the application types IT pros are most concerned with.

Dive Insight:

Data security was a high-priority risk before the coronavirus, and it may become a larger issue now given that many employers are planning to keep remote work going after shutdowns end. HR departments may not be ready for this reality; a survey from November 2019 found that HR managers were not well-equipped to handle these threats.

Of course, as employers rushed to enable remote work across the month of March, it created a profound cybersecurity risk, as The International Association of IT Asset Managers noted. Now that this period of emergency measures is over, HR leaders may need to strive for greater awareness of data security and risk-prevention practices among their workforces. The Tessian survey noted that frequency of training does not directly correlate to less risky employee behavior, even though 61% of organizations performed training at least every six months.

On top of personal device risk and the threat of malware, the Bitglass survey highlighted proper equipment as the biggest impediment to scaling security for remote workers. This challenge is also compounded by talent shortages which exist in cybersecurity, even as the position grows more important to the business function.

HR leaders should be wary of the strain these changes and heightened risks have put on IT teams. Burnout is a problem regardless of function, but those in IT have carried significant burdens as employers move further into the world of remote work.