Remote workers – telecommuters, freelancers, ‘gig economy’ members – make up an increasing percentage of the workforce. It can be tempting to skimp on security practices when it comes to remote workers. Here are some tips to ensure that out-of-sight doesn’t result in weak security.
Global Workplace Analytics reports that 3.7 million employees (2.8% of the workforce) now work from home at least half the time. Regular work-at-home, among the non-self-employed, has grown by 115% since 2005. When it comes to overall security awareness, 12% of employees claim to be fully aware of their organization’s IT security policies and rules. How many of these 12% are likely to be your remote workers? Probably not many.
Engaging with remote workers is critical to security
Just because remote workers may be out of sight, that doesn’t mean they’re out of your data. Think about your remote team members: what data do they have access to and what’s the impact if this data is breached?
Outsourced and gig workers, in particular, face challenges because most security training occurs in the workplace, and these workers have fewer chances to get trained or connect to security expertise.
Engagement – or the lack of it – is another reason why talking about security with remote team members is so critical. Remote workers aren’t just out of the office; they may also be unengaged. The Aon 2018 Cyber Security Predictions report found that:
Corporations depersonalizing the workforce and creating more virtually connected ecosystems has impacted the level of an employee’s psychological investment and engagement in their organization.
A lack of employee engagement can drive insider threats – whether negligent or malicious in nature – because a depersonalized workforce feels less invested in the employer.
Examples of risky behavior
Research from Cisco found that:
- 46% of employees admit to transferring files between work and personal computers when working from home.
- 13% of those who work from home admit that they cannot connect to their corporate networks, so they send business email to customers, partners, and co-workers via their personal email.
- More than 75% of employees don’t bother with privacy measures when working remotely in a public place.
Recommendations to ensure remote worker security
Here are three recommendations to help you keep security at the forefront when it comes to your remote team:
- First and foremost, don’t forget to share your security policies and your security awareness education with your remote team members. Go one step further by requiring written acknowledgement of the policies and periodically testing security knowledge (for example, via phishing simulations) – just as you do with your onsite team.
- Assess the ‘journey’ a remote worker takes when he needs to connect to your network, transfer a file, or backup files. Is the process so hard it might result in insecure shortcuts? If so, take steps to make the journey easier.
- Employee monitoring software provides many features to help you detect and prevent unsafe practices. Email monitoring can detect emails being sent to personal accounts. File activity monitoring will catch large file downloads. Smart rules enable you to notify, block, log out, or even lock-out a user to prevent data loss.
For additional tips on remote workers and security, check out our blog post on Ensuring Security in the Gig Economy: Whose Responsibility Is It? Click below to learn more about Teramind.