March 2023 marks approximately three years since the world shut down at the beginning of the Covid-19 pandemic. Since then, organizations have seen their workforce change considerably. What was originally a short term plan to work from home has become ingrained in our new work culture. According to a recent LinkedIn poll, at-home work is ticking back up. Only 50% of workers are in the office full-time, the rest work from home full-time or have a hybrid schedule.
Surprisingly, many organizations have still not even done some of the fundamental work needed to reduce the added risks that come with remote work. And those risks are real. A recent report from IBM estimates that a single data breach costs $1+m more if most employees work remotely.
For those organizations that have made some upgrades to their risk management in the wake of the pandemic, it’s still important to keep up on new trends. Not only are many people working from home, many have changed the way they think about work and how they behave- giving rise to trends like “quiet quitting.” No matter where an organization is on their risk management journey, the time is now to get in front of new work from home risks.
Getting the Basics Right, Now
Giving employees the ability to work from home makes it harder than ever for companies to spot risks before they become threats. A lot of companies have been focused on productivity as their primary concern with at-home employees. In fact, about 68% of organizations with 500 or more employees have implemented employee monitoring, and many smaller companies have, too. However, simply adding monitoring to “track” employee behavior can actually become a bigger issue when organizations don’t implement the right process.
At the most basic, companies must do what they can to reduce blind spots and improve communication around monitoring. Every organization with at-home workers should upgrade their network access to use a secure VPN. Logins for sensitive databases and other systems should include multi-factor authentication, and passwords should be dictated by the company and changed frequently.
When it comes to improving monitoring, companies need to think more proactively. Organizations need to communicate the trade-off so that employees understand the value of monitoring as part of a strategy to keep companies productive and safe. People can work from home if they understand that the company needs to protect itself using analytics software. This is a very different message than one about a lack of confidence in worker productivity. When workers understand that companies take security seriously, they will better understand why software is needed.
Account for Quiet Quitting and Other New Trends
One important risk mitigation strategy that organizations should consider is better communication and analytics. People working from home can become alienated from their jobs, and badly managed monitoring can make it worse. When people work from home and feel negatively towards their employer, they can start to pull away from their jobs. This trend has been labeled “quiet quitting.” Once someone becomes a “quiet quitter” they become a bigger risk to the company. For example, 70% of intellectual property theft occurs in the 90 days leading up to someone’s resignation.
On the other hand, companies can forge stronger bonds with employees when they use insights proactively to communicate potential issues. With good analytics, managers can reach out and address problems before they become threats, saving the company time and money. Communicating clearly with people involved in risky behavior can help in a number of ways; a manager can repair a relationship with a disgruntled employee, a security blind spot can be identified and repaired, passwords can be changed, and access to sensitive information can be restricted before threats occur.
Create a Culture of Proactive Risk Reduction
Proactive analytics can also unite teams around risk mitigation more successfully. For example, if a report indicates that an employee is found accessing data that they shouldn’t, the IT team, HR and their manager can work together to secure the data and reach out to the employee in a way that doesn’t create a bigger problem. The right approach not only reduces risk, it actually improves communication and trust across the company because people feel that they are no longer being subject to “surveillance” but are part of a back-and-forth dialogue.
Best of all, ongoing workforce behavior analytics becomes a positive influence on the entire organization. By spotting issues and resolving them quickly and reaching out to employees that show signs of concern, companies have the ability to reduce the number of risks that become threats.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.