listen to this article:
Telecommuting, working out of coworking spaces, working from home a couple of days a week, and the support of the increasingly international mobile professional were common themes before the pandemic swept across the world in early 2020. The office still held pride of place in the minds of the captains of industry, although some smaller firms were vocal about the benefits of full-time remote work.
Some larger firms had tried long-term work from home strategies, too, but with mixed success. When Marissa Mayer, CEO of Yahoo, cancelled the firm’s telecommuting policy in 2013 and ordered everyone back to the office to enable serendipity, random interactions, and improved collaboration, there was quite the uproar.
In summary, before the pandemic of 2020, working from home—and other places outside of the office—was an accepted way of working for some people some of the time.
The New Normal Post-Pandemic
And then the pandemic struck. Working from the office was the new public health enemy number one, and a wave of shelter in place, work from home, and avoid going to the office mandates swept across the world. Organizations with offices in prime city locations were left holding expensive leases for empty buildings. The real estate industry started to wring its hands in despair. Office rents plummeted.
The Rise of Working From Home (WFH)
In our April 2020 research on the impact of COVID-19 on companies, we found a four-times increase in the percentage of employees working from home—from 18% before the pandemic to 80% within a month of the pandemic starting. Only one in five organizations said they were “very well prepared” to deal with such a crisis.
The percentage of people working from home has fluctuated since the pandemic started:
- In October 2020, aPew ResearchCenter study found that 71% of employed adults were working from home, up from 20% before the pandemic.
- In April 2021,Gallup foundthat 51% of all U.S. workers worked remotely at least 10% of the time, and this increased to 72% of workers in white-collar jobs. On average, 35% of all workers would continue working remotely as much as possible, if given the choice.
- In August 2021,Statistics Canada published a studythat said an average of 30% of workers aged 15-64 had predominantly worked from home from April 2020 to June 2021. The numbers varied by industry, organization, and region.
The Aftermath of Forced WFH Policy on Security Infrastructure
Remote work strategies that go through the appropriate due diligence and careful planning cycles can ensure security remains an integral element. When it is suddenly forced on people and organizations, the risks of remote working become pronounced. During the pandemic and its aftermath, we saw:
- A “do whatever it takes” mindset, where people embraced new cloud services without the normal security clearance processes of corporate IT. This led to the rapid adoption of new and vulnerable tools to quickly address the remote work mandate. Some tools were vulnerable due to design issues (e.g.,Zoom), and other tools were vulnerable due to misconfiguration (e.g., Amazon S3 buckets).
- People working from homes and apartments that we not set up to be a joint living and working space. Other people in the home shared usage of corporate-owned devices for personal and entertainment purposes—increasing the risk of malicious apps gaining access to corporate data.
- When corporate devices were not available, people commandeered a home computer for work purposes, which connected non-corporate devices and uncertain security provenance to corporate networks and sensitive data repositories.
- Cybercriminals harnessed the fear and uncertainty of the pandemic to significantly increase the volume of phishing attacks leveraging COVID-19 themes to steal account credentials.
Are Employees Following WFH Best Practices?
A recent survey by Tessianv compared the expectations of IT leaders about employees following security policies when working from home and the actual security practices of employees. For example, in organizations with 250-999 employees, 95% of IT leaders said they trusted employees to follow security policies when working from home, while 54% of employees said they were less likely to follow safe security practices when there. There was a significant gap between expectation and practice across company of all sizes.
The study further asked employees why they were less likely to follow safe data practices when working from home. The two primary reasons were about relaxation in device controls and less IT oversight:
- Because I am not working on my usual devices (50%)
- Because I feel as though I’m not being watched by my IT team (48%)
- Because I am distracted (47%)
- Because I’m under pressure to get work done quickly (39%)
The Imposed Shift on CISO’s
The change in location for where work is done, the introduction of new untested devices used, and the enterprise security processes that do and do not shift so easily imposes an elevated demand on security and executive decision-makers to ensure organizational data is protected wherever it resides. This means approaches that guarantee strong encryption regardless of the repository or cloud infrastructure, with organizational control over encryption keys.
Call To Action
Work from home is here to stay for the foreseeable future—for some people most of the time, and for many people some of the time as new hybrid workforce designs are embraced. But irrespective of the highs and lows of remote work, the need to ensure unified protection of organizational data is a perpetual requirement.