Digital remote worker monitoring can increase business risk

0

Between mid-2020 and the summer of this year, 44% of the UK contingent of homeworkers induced by the pandemic had monitoring software installed on their devices supplied by the work. After a year in which business leaders and the C-suite lost sight of their employees, they apparently turned to digital motivation tools. But in this push for increased productivity, are organizations putting their long-term security at risk?

The idea of ​​digital surveillance, at first glance, appears to be a panic reaction to a forced transition to remote working. Almost overnight, this intertwined, easily visible and immediately responsible office dynamic was fragmented and dispersed into hundreds, if not thousands of separate homes – many no longer even in the same city or country, without talking about the same building.

At this point in time, as laptops and corporate phones were provided to ensure continuous operations and a seamless transition, it is perhaps understandable that policymakers sought to hang on to some level of control. The installation of monitoring software capable of tracking email, internet and app usage, phone usage, and even locations suddenly exploded.

The 44% figure is derived from a study conducted earlier this year by the global cybersecurity giant Kaspersky. The survey of 2,000 full-time workers in the UK – both management and employees – sought to explore the new dynamic between the two. And, for the most part, the feeling of confidence and appreciation at such a difficult time was promising.

Yet it was this exceptional statistic around digital surveillance that threatened to upset the peace, break trust, and transforming a productivity tool into a security risk.

The reason for this security threat is computer shadow. Almost a third of workers also revealed that they were likely to use a personal device for work purposes if they felt they were being watched by an employer.

As the dust settles on the Covid-19 explosion and remote working is retained as something we cherish in the new world, people’s initial understanding of their bosses’ need for control is likely to grow. blur. And if the use of personal devices for critical work operations grows as a result, companies may soon find that their attempts to make a digital connection put them at more cyber risk than ever before.

Breaking employer-employee equity

Digging a little deeper into the statistics from the Kaspersky study, nearly a quarter of those who have ever installed monitoring software, admitted to having opted out of the radar as a result.

It is such an easy danger to run. As we get used to this new work-life balance, it’s no secret that many people have lowered their perceived level of professionalism.

Do we wear a suit at the home office? Do we even have a home office? Can’t we just have the TV on in the background? Why aren’t pajamas suitable for a Zoom call? Why shouldn’t I be scrolling Twitter while taking a break?

And it is this last “what if” or “why not” that raises concerns. Already, as we sit inches from our phones or personal computers, the distance between work and play is literally an inch wide. Even without an extra push, the temptation to “reply to a single email” through your home phone, since it’s already in your hand, makes sense. Inevitably, this exponentially increases the likelihood of critical data falling into the wrong hands, a storage location, or an inbox.

Now let’s add that extra push. The above scenario operates under the umbrella of laziness, apathy, or convenience, rather than intention. An escape from the notion of surveillance adds a pretty substantial intention to this situation – and it is an intention that organizations can hardly afford to encourage.

“There is a certain irony in this situation, as companies fall into a trap that they have spent some time trying to avoid with their training and general cybersecurity messages,” says David. Emm, Senior Security Researcher at Kaspersky. “For so long now, politics has been based on education, openness and reprieve, rather than fear.

“The reason is that if people make a mistake and then try to cover it up, it is obvious that this incident is likely to become more of a problem. So, instead, the goal has largely been to create a relationship between employer and employee that encourages people to come forward – fairness, if you will.

“Now all of a sudden we are seeing an increase in the number of monitoring software installed on employee devices, which sends an unfavorable message to trust. That fairness is broken to some extent, and I’m concerned this now forces workers to flee, hide, hide, or get away from the network – not just in this case, but as a rule.

Monitor technology, not humans

Emm admits to being quite surprised by the results of the Kaspersky study, especially now. He notes that the use of monitoring software might have been more understandable or expected two or three years ago, when telecommuting was still taking its marks.

“But now, and even just before Covid, it wasn’t such a strange idea to have people working outside of an office,” he says. “Personally, I thought a lot of the worry and mistrust about flexible working or working from home was gone.

“And while Covid has obviously now been seen as that watershed moment for the trend, where we know productivity isn’t going down, and can even improve, then it’s going against the grain to introduce this kind of suspicious software. . “

In that vein, Emm’s immediate hope is that the trend will be short-lived and that the initial panic reaction was just, well, panic.

“We just need better communication on why policymakers feared the trend of working from home,” he says. “It can’t just be distrust of the person and to some extent has to be about the security of their operations, data, productivity and even devices. Maybe there was an element of wanting to make sure they were used correctly.

“And there is logic to that. It is absolutely necessary to keep up with Internet security software, manage system and application updates, keep control over permissions. It all makes sense.

“But taking those extra steps and leveraging documents, working models, cameras, locations, etc., just puts these other important things at risk, as people turn to shadow IT instead. “

An HR misstep on the way to a security threat

Emm also dissects the human resources (HR) side of this equation. “All of this seems counterproductive, with cybersecurity only being a significant fallout from the potentially dangerous relationship dynamics being formed,” he says. “With this monitoring software, employers apparently want a better understanding and a real-time view of what’s going on. And, as a result, they risk losing touch, confidence, and possibly even workers, as they go off-road or at the gate. “

And this last prediction is not too dramatic. In total, 31% of those polled, who had worked from home for a long time, confirmed that they were likely to leave their current job to avoid such levels of supervision.

Creating an HR nightmare en route to destabilizing the security network is a baffling concept for both Kaspersky’s Emm and Chris Parke, CEO of Talking about talent – a coaching consulting firm that helps organizations create work cultures that are more inclusive, fair and rich in opportunities.

Parke says: “I firmly believe that if you set very clear goals and parameters, it doesn’t really matter how someone does their job. I thought, and still do, that was a concept that executives were coming to as well, after the year or two that we had. This makes these statistics all the more surprising.

Parke emphasizes that trust has to flow both ways and that this movement creates a significant barrier between those flows.

“It takes a long time to build, but is very easy to break,” he says. “We’ve seen so much evidence of thought leadership and statistics showing that productivity actually increases through working from home. And then display such a level of mistrust in the face of this positive inclination strikes even harder. It’s no surprise to hear that people would see this as a watershed moment for their long term prospects with a business.

“And that’s just an implication. Along with these productivity statistics, there has been a lot of talk about cyber threats during the pandemic. So putting this aspect at risk even more doesn’t make sense to me. “

A short-lived panic?

A study by Deloitte recently revealed that more than half a million people worldwide were affected by breaches between February and May 2020 alone, and the results of Kaspersky’s study hopefully reiterate that a defense against this threat should not revolve around mollycodding, further scrutiny and the stranglehold on digital surveillance.

“If anything, we’ve seen that it’s likely to have the opposite effect,” Emm says. “The risk of shadow IT is clearly increased with the introduction of monitoring software, or even its threat. My hope is to find that that penny has dropped and that the panic around productivity has been short-lived.

“Visibility into technology is different from visibility around a person. And that’s where I think the line should be drawn. Optimal security is being able to follow the trajectory of a system, while trusting your training and HR so that people can work with those systems independently.

Share.

Leave A Reply