Employers are increasingly offering remote work options as a differentiator to attract top talent in today’s competitive hiring market. And, with modern technology at their fingertips, employees have come to expect a seamless working experience whether they’re home, in the office, or on the road.
These new expectations, coupled with the increase of contract and part-time workers, have forced organizations to adapt to a whole new workplace landscape. Along with new opportunities for employers to attract talent, remote work can also present new cybersecurity challenges.
To do their jobs properly, employees (regardless of location) often have access to a wealth of valuable information: intellectual property and financial, personal, and operational data. This data ultimately helps organizations to establish and maintain competitive differentiation, build detailed analyses, optimize operations, and improve efficiencies. It also requires the proper data security practices to ensure that information is safe regardless of where employees are logging in from.
In an effort to understand how technology and trust are impacting the enterprise, my company, insider threat management firm ObserveIT, recently commissioned research company Vanson Bourne to conduct a survey of more than 600 IT and cybersecurity decision makers to find out how cybersecurity is perceived within their organization. Stemming from those findings, here are a few tactics that organizations can implement to ensure employees can securely access data and perform their jobs from anywhere—while also building trust between workers and their employers.
1. Use Modern Technology to Make Remote Work Safe
By embracing modern security technology, organizations can enable employee productivity while prioritizing employee satisfaction.
When I talk with prospects and other industry leaders, I often hear the challenges that organizations face in protecting their data. For example, I recently caught up with a friend who works at a private equity firm; he shared that his company is facing challenges with allowing employees to work remotely outside of the corporate offices. Regardless of the firm’s security efforts, employees continue to use USB devices to transfer sensitive corporate documents, and executives work from hotels around the country without connecting to the corporate virtual private network (VPN).
This is a perfect example of where technology could help the organization to have better visibility into the movement of data and potential vulnerabilities. Having comprehensive visibility into data and user actions provides the confidence that security will be maintained no matter where employees are working because they are held accountable through extra security precautions. With the workforce demanding more trust and freedom to choose their work style and environment, organizations and their cybersecurity policies have to evolve.
That also means adopting the latest security technologies. But with a proliferation of new tools on the market, it’s no surprise that companies are struggling to define new rules around data movement. Modern business processes and technology cannot be secured by outdated security approaches, such as data loss prevention (DLP). In fact, according to Vanson Bourne, half of the survey respondents have given up on DLP technology because it is heavy on endpoints, hard to deploy, and difficult to maintain due to the time-consuming classification process.
Today’s organizations need to be protected by technology that is comprehensive, yet flexible, working as an aid—not a hindrance—to communication and collaboration in the workplace. This means enterprises need to adopt innovative solutions from vendors such as ObserveIT that provide real-time alerts and actionable insights into user activity, so potential threats are detected and addressed before financial and reputational harm can be done.
2. Solicit Feedback From Employees
If people aren’t given the tools they need to effectively and efficiently do their job, they’ll find alternative and less secure options, including Dropbox, USBs, personal email, and Google Docs. Shadow IT, or employees’ efforts to use technology to perform their jobs that is not sanctioned by IT departments, can lead to employees either accidently or maliciously sharing data with outsiders who might take advantage of personal or proprietary information. In fact, since 2016, the average number of cybersecurity incidents involving employee or contractor negligence has increased by 26 percent, and by 53 percent for criminal and malicious insiders, according to a report released last year by The Ponemon Institute.
Traditionally, the standard approach to workplace application protocol has been to completely lock down the network and whitelist only the software that employees can use to communicate and move data. But we’ve found this process to be fairly ineffective and slow, actually limiting company growth by stalling employee productivity.
To ensure a productive, mobile, and secure work environment, leaders need to listen to the needs of employees. Change and constant innovation is paramount to not only keeping people productive and staying ahead of the competition, but keeping data safe. Work with employees to create policies that protect the company and its data—but don’t hinder their ability to do their jobs.
3. Implement the Right Training to Build Trust
According to the Vanson Bourne survey, 46 percent of respondents feel that their organization doesn’t trust its employees when it comes to information security. When organizations trust their workforce, employees feel more empowered—and as a result, they are more productive.
But it’s important to note that trust doesn’t often come right away. Employers need to build the right training programs to ensure employees are aware of the risks associated with disregarding corporate security policies and shadow IT in general. One of the biggest hurdles is that employees often don’t even know that their actions are violating established policies, highlighting the need for company-wide education.
The Vanson Bourne research confirms that education and training seem to be challenging areas for organizations. In fact, 43 percent of respondents don’t have a policy that prohibits staff taking IP/data with them when leaving the organization, and 59 percent of organizations surveyed don’t explain the contractual penalties for putting the organization at risk. It’s vital not only that trust is instilled while employees are handling data every day, but also that there are comprehensive offboarding policies in place for when individuals leave the company.
***
Providing employees with more freedom means allowing them to be more productive and mobile, but it also exposes employers to more security threats. With a proactive approach to training, education, and technology, companies will be poised to embrace new workplace norms while also protecting their most valuable information assets.
