More and more leading companies — PwC, Zillow, and Amazon among them — are allowing their employees to remain remote indefinitely, but this workforce perk represents a real risk for employers. According to a recent report, 94% of organizations have suffered a cyberattack in the past 12 months. Almost three-quarters of these businesses were vulnerable due to a technology put in place during the pandemic.
People are the most vulnerable point of entry for a company, and with cyber risk increasing due to remote work, companies that are moving to this model need to be aware of the challenges and how to prevent them. To keep their businesses safe, companies need to make sure their technology is up to date and that their systems protect and monitor their employees for any signs of pressure or stress that could indicate an increased risk of insider threat.
People-based risk was a problem long before the pandemic, but the office environment provided employers with more control over employee conditions. In a remote or hybrid environment, employers have less visibility into employee activity, and as a result, the risk has greatly increased.
A survey released by an email security company found that the majority of IT leaders believed their employees have picked up bad cybersecurity behaviors since working from home, and 69% of these leaders believe that ransomware attacks will be a greater concern in a hybrid workplace. More than half are concerned that infected devices and malware could be introduced into the workplace by employees — a concern that is validated by the fact that 40% of employees plan to work from personal devices in the office.
However, a lack of physical visibility into day-to-day employee behavior shouldn’t stop companies from being proactive about developing policies to mitigate as much people-based risk as possible.
Companies should start by developing a cybersecurity policy and ensuring all employees and management are fully briefed and on board. An effective cybersecurity policy is entirely dependent on users being aware of how and where cybercriminals can attack, and what leaves them vulnerable.
Educating employees on the importance of staying aware of the danger and providing them with strategies to mitigate it — such as identifying and responding appropriately to social engineering and phishing attempts, choosing strong passwords and physically protecting their devices — will go a long way toward keeping an organization safe.
But the risk posed by employees is twofold. The first problem is damage that can be done by external malicious actors, which can be countered by raising employee awareness of these threats, and the second problem is insider risk, often caused by employees dealing with an excess of pressure or stress.
Whether this is caused by workplace-related issues, such as bullying or a toxic work culture, or by issues that are personal in nature, like financial strain or relationship problems, employers who fail to see the warning signs indicative of these problems are leaving themselves open to significant risk.
Even in an in-person workplace, it’s easy to miss the red flags of an employee in distress, but with employees scattered across a city, state, or across the country, it is that much more challenging to keep track of employee behavior.
With these challenges in mind, the most effective way for employers to mitigate this element of people-based risk in the remote work environment is to utilize a continuous monitoring system. When implemented properly, these platforms can flag signs of pressure or stress and alert the appropriate personnel to allow timely intervention.
With functionalities that allow for self-reporting and anonymous peer reporting, employers can encourage employees to be transparent about any incidents that may impact their work. Those who work more closely with certain coworkers can also report any concerns promptly.
Not only does continuous monitoring help protect companies from the damage of insider threats, but it can also help employers act quickly to reach out to employees who have been flagged and engage them in a conversation about their changes in behavior. At this point, employers can attempt to alleviate the employee’s stress, either by adjusting their working conditions or connecting them to an employee assistance program or outside resource that can provide the appropriate assistance.
The workplace has changed dramatically over the past year with the rise of remote or hybrid workforces, and the risks to employers have increased as a result. As this trend continues, companies need to be attentive to addressing these increased risks, primarily as they pertain to people-based risk, which is at the root of both cybersecurity breaches and insider threats.
By updating their technology and utilizing continuous monitoring to maintain visibility into employee behavior, companies can address both of these pressing issues at once and will be on track to continue operating safely as they make the transition into the future of work.