Securing the Work-At-Home Environment

The new business realities created by the coronavirus pandemic include unprecedented numbers of people working from home or from other remote locations.

Global Workplace Analytics, a company that helps companies understand the business case for workplace strategies and practices, in a report released in April 2020 said more than half of U.S. employees (75 million workers) hold jobs and have responsibilities that could be performed, at least in part, from home.

The company forecasts that 25% to 30% of the workforce will be working at home on a multiple-days-a-week basis by the end of 2021. Kate Lister, president of Global Workplace Analytics, who’s been studying remote work trends for more than a decade, predicts the recent crisis will be a tipping point for employee work-from-home programs.

While the work-at-home trend can have positive benefits such as increasing worker satisfaction and decreasing carbon emissions from reduced commuting, it can also lead to potential data security and privacy risks.

Organizations will need to effectively address these challenges in order to make this new operational model work. Are they doing this? Not really, according to new research from Gartner.

The firm’s report, the Risks of Remote Work: Cybersecurity, published in March 2020, noted that companies have acted fast to allow remote work in the wake of COVID-19, “but most of them have neglected to convey the rules to follow.”

Leaders need to help communicate rules that include guidance on how to safeguard data, the report said. Two of the more important rules are to follow email protocols and avoid public Wi-Fi.

“The sudden and massive work-from-home arrangement now underway around the world presents companies with enhanced risks surrounding remote work,” the study said. “What was once a background concern over cyber security and disengagement is now front and center.”

Most employers have failed to convey the rules staffers should follow while working outside the office. The firm polled 500 U.S. employees in March and found that just 22% communicated a plan of action in response to the virus.

With data breaches at record highs in 2019, organizations were already vulnerable even before the pandemic hit, Gartner noted. But effective communication about behaviors is critical now more than ever.

The majority of security failures result from an organization’s own employees, the report said. In the current work-from-home environment, risk leaders need to work with the CISO and IT leadership to communicate cyber security guidance, and remind employees that rules regarding proper email protocols must be followed outside the office.

“Coordinate with your cross-functional partners to make clear to employees that the same security practices that are required in the office also apply at home,” it said. Remind workers to secure their home Wi-Fi systems, which is as simple as making it password protected.

Sending sensitive data to a personal email account or computer is an unnecessary risk, since such accounts and devices tend to be less secure, the report said. Instead, staff should always use a work-issued computer, or connect to the secure work network, such as a virtual private network (VPN), to work with personal information.

Organizations also need to review their remote work policies and ensure that they include measures to safeguard company data, and then distribute or redistribute the policies companywide to get the word out to all workers.

Risk teams should coordinate with the CISO and human resources department to send an email blast, with easy-to-read reminders and links to relevant policies including confidentiality policies. “Employees are not likely to read long policy documents when they’re glued to the news and trying to get work done,” the report says.

An additional step to bolster security for the work-at-home environment is to deploy physical security measures. For example, employees who are working with or storing sensitive data such as patient records or customer personal information need to take precautions to ensure that monitor screens and printed materials containing such data are not visible to other people who should not be seeing it. This might include locking home office doors and windows to prevent the data from being stolen.

And companies need to take steps to make sure home workers—and all employees for that matter—don’t fall prey to newly emerging scams that take advantage of the current situation. “Cyber criminals exploit peoples’ hopes and fears, and with a lot of fear around COVID-19 they’ve already found ways to cash in,” the report said.

Awareness about these scams is often the best protection, Gartner said, but organizations should also consider why employees are vulnerable to these threats and provide training resources that address them.