Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 25 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Preparing for a Pandemic

How to Ensure Productivity and Security When Employees Must Work from Home

by Joel
June 17, 2020
in Featured, Guru's Picks, Network Security, Uncategorized
Face Mask
Share on FacebookShare on Twitter

By Rita Selvaggi, CEO of ActivTrak

The global reach of the coronavirus has elevated the discussion around the need for “social distancing” and working remotely to avoid spreading the infectious virus. Global companies like IBM, Goldman Sachs, and PwC are asking employees to work from home, as are smaller organisations, such as Seattle-based online payment company Stripe.

As organisations consider having employees work from home on a more massive scale, it’s important to recognise that doing so also introduces certain risks to the business that must be mitigated. In this article, I’d like to cover three remote workforce-related risks: employee productivity, digital security, and compliance.

Not Every Employee is Productive at Home

A traditional work environment provides employees focus, stimulus, and engagement intended to optimise workplace productivity. So, it’s no surprise that some employees simply aren’t wired to work by themselves at home; with no co-workers or meetings, and plenty of distractions, the potential for lower productivity at home is significant. According to a study by Buffer, a lack of collaboration, loneliness, and motivation are challenges for those who work remotely.

So, how do you ensure employees deliver office-equivalent productivity levels?

A few actions may be necessary:

  • Set the Expectation – For some employees, setting expectations around working hours and productivity levels may be initially necessary. For instance, establishing that employees should plan to be working normal business hours when at home is a solid starting point. Additionally, hourly employees may need to be informed on how to keep track of their time – whether done manually or via a web-based time card application. Lastly, it makes sense for the organisation to communicate what the employee should do when they believe themselves to have become ill.
  • Embrace the Digital Workplace – Software vendors such as Microsoft and Google have spent years building out cost-effective solutions that allow users to communicate, collaborate, video conference, share documents, and use virtual desktops. When asking employees to work from home, it’s important to evaluate how more consistent use of  these types of solutions can help preserve productivity and engagement across teams.
  • Gain Visibility into Employee Productivity – In a traditional office setting it’s much easier to tell if an employee is working than when they are 30 miles away at home. But,  it still can be a challenge to establish productivity baselines and identify when and where productivity is lost, even if the employee works onsite.   Organisations should consider solutions that provide visibility and insight into whether employees are engaged and productive, regardless of their location.

Even if productivity isn’t a concern, the organisation does take on an added security risk with the introduction of a much broader remote access footprint.

Digital Security Becomes a Bigger Issue

While the vast majority of remote workers want to work from home (84%, according to Buffer), 37% of remote workers would pick a coffee shop as their second choice of work location. As humans, we need to connect, so finding a way to work while feeling a part of the world is still  important. Giving employees the flexibility to work in various remote environments may be the key to ensuring productivity, and even retention in some cases.

When employees work outside the safety net of the corporate network, it opens the organisation up to devices and WiFi networks that are potentially insecure – as well as users who no longer think they are “at work”. This combination of lowered defences is a perfect storm for cyberattacks that prey on unsuspecting employees. Using social engineering techniques, hackers can trick workers into giving up corporate credentials to online resources, install malware, commit fraud, and more.

Then how do you maintain security while working remotely?

Maintaining appropriate levels of security is a challenge with an anytime/anywhere/any device/any network-type of employee. The good news is there are things you can do, including:

  • Establish Shared Responsibility – It’s important to communicate that the employee has a role in ensuring the ongoing security of the organisation’s operations, data, and resources. A vigilant mindset is required, as cybercriminals watch industry trends and devise new scams and social engineering methods that continuously adapt to evolving circumstances.
  • Implement Layered Security – Solutions such as multi-factor authentication (to make certain the person using a logon ID and password is the owner of those credentials), Single Sign-On (to give employees a single web-based portal to access applications securely), device-based antivirus, email-based scanning (to spot malware-laden attachments and links before they reach the employee’s Inbox), and are just a few of the ways organisations can protect themselves against remote-work threats.
  • Monitor for Anomalous Behaviour – In a recent Verizon study, 39% of organisations had experienced an attack on mobile devices in the last 12 months. Solutions that provide visibility into employee productivity should have some means of also analysing user activity to identify suspicious or anomalous behaviours. For example, an employee logging on to a system at 3am (something they never do) may be cause for review to ensure the activity is appropriate.

And, because security is a concern, the risk of not being compliant with regulations around data privacy should also be in focus.

Compliance Requires More Scrutiny

The number of regulations that address issues of data privacy and security continues to grow, from HIPAA and GDPR to the new California Consumer Privacy Act. In each case, these compliance mandates require organisations to ensure security controls around certain types of protected data – and to be able to know when those controls are not upheld.

When users work remotely, organisations expose themselves to an increase in potential compliance breaches from scenarios as simple as a stolen laptop, to more complex phishing scam-turned-data breach, and everything in between.

So, what’s the right way to ensure you’re compliant?

While security is a moving target, compliance is a bit more like a yes/no checkbox – once you know what’s required, it’s possible to simply put controls in place that meet the requirement. The basic steps include:

  • Know Your Regulations – This should be a given. But having an understanding of what regulations your organisation is subject to, be it relating to construction or otherwise (more information), and experts on your team to help you comply with them, is the starting point.
  • Understand What’s Required – Each regulation has requirements that need some level of subjective interpretation, especially with regard to remote workers. For example, GDPR states that personal data of EU residents must be “processed in a manner that ensures appropriate security of the personal data, ” stipulating that organisations need to protect against “…unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”. While pretty general, this directive helps the organisation narrow its focus; you can easily identify which employees, applications, data sets, etc. are subject to audit, and put controls, processes, and solutions in place to ensure the security of the regulated data.
  • Review Compliance Controls – Compliance is about behaviour, so it makes sense that the organisation needs visibility into the behaviour of its employees. Employees who have access to sensitive systems, applications, and data may be subject to activity audits to ensure specific data protection mandates are upheld. Solutions focusing on employee behaviour monitoring can provide insight into, and context around, actions performed that either demonstrate compliance or signal a breach.

Keeping Remote Employees – and the Organisation – Happy, Productive, and Secure

In the case of a potential pandemic like the coronavirus, the easy part may be the decision to have employees work from home. The real challenge begins as organisations strive to achieve the same levels of efficiency, productivity, and profitability that they do “at work”. By considering the real-world implications of working from home through the lens of employee productivity, digital security, and compliance, organisations can set themselves up for success, despite the shift in how the company operates.

FacebookTweetLinkedIn
Share1Tweet
Previous Post

KnowBe4 and Agari Work Together to Transform Phishing Protection

Next Post

Intel vulnerability affects new Intel chipsets

Recent News

Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence

Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence

September 25, 2023
Nurturing Our Cyber Talent

Nurturing Our Cyber Talent

September 25, 2023
The Journey to Secure Access Service Edge (SASE)

The Journey to Secure Access Service Edge (SASE)

September 22, 2023
WatchGuard

WatchGuard acquires CyGlass for AI-powered network anomaly detection

September 21, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information