While data collectors had no time to prepare for employees to start working from home in early 2020, there is time to prepare for the shift back to the office.
Without a doubt, many data collectors are struggling with the cybersecurity risks created by employees shifting from the office to their homes in 2020. Interestingly, despite having no time to prepare for the shift home in early 2020, we have not heard much news about breaches or other incidents. Nevertheless, data collectors can be certain that cybersecurity issues created by employees using sensitive data while working remotely are out there. These issues are two-fold: first, data collectors are struggling with the fact that safeguards once in place in the office are no longer in force when employees work from home. Second, while it may be unclear when it will happen, data collectors will have another challenge to protect data as employees begin returning to the office. In short, there are a lot of unanswered questions created by the work from home environment (“WFH”).
In the recent study entitled Securing the Future of Hybrid Working: How to protect your people as they choose to work-from-anywhere [1], Tessian, a technology security company, sheds light on some of these questions related to working from home and the challenges in moving employees back to the office. Specifically, Tessian provides the following about the purpose of this study:
Now, after months of working from home, businesses are at a crossroads. They must plan for what happens post-pandemic and decide whether the long-term future of work for their employees is remote, office-based or a combination of the two.
Tessian provided the following information concerning the respondents to the Study: “During August 2020, Tessian commissioned OnePoll to survey 2,000 working professionals: 1,000 in the US and 1,000 in the UK. Survey respondents varied in age from 18-51+, occupied various roles across departments and industries, and worked within organizations ranging in size from 2-1,000+.” Therefore, this study was conducted at a time when data collectors were in the middle of the shift to WFH and still having to consider the shift back to the office.
The baseline for this study is the fact that 11% of the respondents stated they wanted to return to the office. While it is clear the vast majority of the respondents indicated they would prefer to not return to the office, there are a number of practical considerations that require some workers to return to their offices. Still, the study found two-thirds of the respondents “believe the future of work will be “remote” or “hybrid” — where employees choose to split their time between working in the office and anywhere else they’d like.” Therefore, data collectors will need to account for the fact that workers are going to want to continue to work from home.
While the study makes it clear that a majority of people may want to continue the current WFH environment, there are still practical considerations such as systems security. The study found 85% of the respondents with IT backgrounds believed their workload would increase if the WFH environment continued after the pandemic. And, these concerns appear to be warranted since “[b]etween March and July 2020, one in three organizations saw an increase in ransomware delivered by phishing compared to the five months prior. Further, the respondents reported that one-third of the attacks were ransomware attacks delivered by phishing emails to computers from employees working from home. The concern becomes clear as 82% of the respondents indicated that they believed their company was more likely to suffer a phishing attack when employees are working outside of the office.
The study did not just solicit predictions from IT experts. Looking back at 2020, the Study also found 43% of security incidents that occurred between March and July 2020 were caused by malicious insiders.
While the study provides significant insight into the current working environment, one fact sticks out concerning strategies to bolster security. More than half the respondents (58%) indicated they planned to use staff training to address their security concerns. This finding is interesting to the extent staff training was a practical and effective method to protect data before workers moved home. Staff training can be just as effective while workers are at home. Of course, the training may have to be done through a webinar or video conference during the pandemic. And, finally, staff training will undoubtedly play a significant role to keep data safe as employees move back to the office.
It would be great to continue this conversation. I will be on a panel discussing privacy for remote workers and learnings held by hub88 on October 14, 2020. It is free to join us [2]!
For more information about this article, contact Todd Rowe, working at home, of course, at trowe@tresslerllp.com [3].