News

How to address data-privacy risks created by remote and hybrid work

The transition to remote work changed how millions of people do their jobs during the global pandemic. But the new ways — 
and places — 
in which people work has also brought on new challenges, such as the potential exposure of companies’ sensitive and confidential information.

A new study conducted by Ponemon Institute sheds some light on this challenge. For example, it found that an average of 40% of organizations’ remote or hybrid workers spend time in coffee shops and shared workspaces, according to IT and IT security managers surveyed. These public spaces present unique data privacy and security risks — 
from unsecured wi-fi networks to visual hackers who can see and capture sensitive information on workers’ screens.

IT respondents in the Ponemon survey were aware of these risks. For example, about two-thirds of them said they were very concerned that prying eyes would see sensitive information on remote or hybrid workers’ screens.

The challenge companies now face is how they can maintain control over the security and privacy of their information, especially as they look to make remote and hybrid work permanent options after employees return to the workplace.

A new kind of policy

Only 4 in 10 business managers surveyed by Ponemon Institute said their organization has increased its privacy policies since transitioning to remote or hybrid work.

Part of the challenge is that most companies have never had remote or hybrid work policies. If they addressed the topic of safeguarding sensitive information outside their office walls, they probably did so in their travel policies.

Clearly, remote and hybrid-work policies are needed, but what should they address?

First, policies should specify safeguards for mitigating data privacy and security threats.

The top five top technologies that IT and IT security managers in the Ponemon study said they believe are most effective for protecting privacy and security in a remote or hybrid work environment included:

  • Incident response platforms
  • Anti-virus/anti-malware software
  • Big data analytics for cybersecurity
  • Identity management and authentication
  • Intrusion detection and prevention systems

These technologies help secure network access and detect possible threats on the network. But they don’t protect against potential physical risks like visual hackers, who need only their eyes or a smartphone to see and capture sensitive information on an exposed screen.

Second, training and awareness programs should address remote and hybrid work risks and educate employees on mitigation methods. These programs must make sure employees know the importance of visual privacy, to always be aware of their surroundings and what privacy safeguards they should be using.

And third, policies may also need to acknowledge that for many employees, working in a completely private space simply isn’t an option. For instance, only about one-third of business managers in the Ponemon study said that working at home makes it possible to prevent others from seeing their work.

For these risks, screen privacy filters for notebooks or monitors provide a simple method for protecting data privacy. The filters blacken out the angled view of onlookers, while providing an undisturbed viewing experience for the device user.

Some laptops have software that, when turned on, creates a privacy-like effect. But there’s the risk that workers will forget or choose not to enable the feature. A better option are privacy filters that are physically fitted to laptops, monitors and mobile device screens. These filters can provide the desired level of privacy and other benefits, like glare reduction, blue light reduction and screen protection.

Addressing in-office risks

Data privacy isn’t only a concern for remote and hybrid workers. It should also be a priority inside an organization’s walls.

Research has shown that office workers can be susceptible to visual hackers. In a past Ponemon study, white-hat hackers posing as part-time or temporary workers were sent into the offices of eight participating companies. In 88 percent of attempts, they were able to visually hack information such as employee login credentials, accounting information and customer information.

As companies revise their policies to address remote and hybrid-work challenges, they should consider updating policies for office workers at the same time.

For example, a “clean desk” policy should be in place to require that workers turn off device screens and remove papers when they leave their work areas. Privacy filters should be fitted on all computer and device screens within a company’s offices or facilities. And document shredders should be located wherever workers regularly handle sensitive information.

Adapting to a new normal

Companies were swift to change how work was done with the arrival of COVID-19, and they can do the same as they adjust to a future where remote and hybrid work is the new normal. With the right policy changes, companies can give all workers the flexibility they need, while simultaneously safeguarding their information.

Back to top button