Video is personal until it isn’t
Remote work can get pretty close to working on-site. There’s a plethora of digital tools for brainstorming, project management, document storage, meetings, and even water cooler talk. There’s text and there’s phone and there’s video.
Even with all these technologies, apart from some instances, the bond a team forms in-person is hard to match online. A study from MIT’s Human Dynamics Laboratory found that the best indicators of highly productive teams is their “energy and engagement outside formal meetings.” Remote work often means team interactions are defined by formal meetings. Building opportunities to connect outside of formal meetings takes much more effort and initiative online than when on-site.
If a team lacks the resources and commitment to build this camaraderie, workers may feel less personal connection to the company, which affects their outlook and loyalty to the company. Gallup research shows that those who have a best friend at work are twice more likely to recommend their place of work. Insider risk can become a threat when workers stop feeling accountable for the entire organization and start looking out for only themselves.
Life, liberty, and less visibility
One of the most effective ways to reduce insider threat is to watch out for behavioral indicators like working overtime, high stress, and frequent disregard of information technology policies. While some behaviors can be detected by data loss prevention solutions, many are best detected through human interaction. In the absence of informal check-ins and presence of peers, employees may fly under the radar, leaving the risk of personal problems turning into serious risks for the company.
Keep in mind that this risk applies to both well-intentioned and malicious insiders. Employees who started out lonely may start to act out of desperation or hostility, and stealing data is much easier from a home vs. a work office.
Bad habits become negligence
Managers of remote teams lack the ability to physically walk the halls to encourage (and enforce) standards of behavior. When employees have much more autonomy in how they work, the lack of oversight provides more opportunities for negligence, both intentional and not.
The ability to work from home or cafe or beach means a wide range of exposure beyond an office building with rigorous standards and 24/7 security. Passing strangers might catch a view of the screen, or overhear a phone conversation that shouldn’t have happened in public. Distractions or attempts at multi-tasking could result in slip ups to protect company data. Even a cyber-aware professional may forget to lock their laptop in a rush or throw documents in the trash without shredding.
Negligence also happens working isolated, when employees blur the lines between work and home, passing information between unsecured (or poorly secured) networks and personal devices for reasons like convenience. A recent study by the Ponemon Institute reported that 63% of data breaches are attributed to negligence. Expect the risk of a data breach to go up when remote work is the main mode of operation. When the working environment is left to the individual to secure, a business accepts a higher probability of exposure.
More technology, more attack vectors
When nearly 100% of the communication happens online and remote, the natural result is a larger attack surface. This attack surface increases when employees use their personal devices to login to corporate VPN, a common setup for companies as a cost-saving decision. VPN, however, was not architected for Bring Your Own Device; VPN allows full network access to anyone connected. If the personal laptop is compromised or the employee is seeking to commit fraud, your entire infrastructure is accessible.
Additionally, the increasing use of cloud applications makes data breaches much easier, especially with improperly configured identity management and security settings, leaving some data repositories exposed to the public with the right URL. Employees may also create accounts and drop sensitive company data on brainstorming or note-taking web services, which may be unsanctioned by your organization.
What to consider from here
The advantages of remote work often outweigh returning to working 100% on-site, but being aware of the risks will help you understand what steps to take to protect your business. Once you reach an acceptable level of risk, you will be able to remain competitive by recruiting the best staff and protecting your most critical data.
