Data security: A hidden business cost of working remotely
The benefits of working remotely are numerous, but there are significant hidden costs that need to be factored in.
Data is being lost from companies at an alarming rate and, so far, there does not seem to be a solution. A recent survey conducted by Arlington Research for Egress Software seems to suggest one of the causes wasn’t on anyone’s radar a year ago.
Arlington Research interviewed 500 IT leaders and 3,000 remote workers in the U.S. and U.K. employed in the financial services, healthcare or legal sectors. Their conclusions are published in the Egress Software paper Data Loss Prevention Report 2021. The following are key findings from the survey.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
What’s happening?
- 95% of the participating organizations say they’ve suffered data loss in the last year.
- 83% of organizations experienced email data breaches in the last year.
Why is the risk higher in 2021?
- 85% of employees are sending more emails.
- 73% of employees feel worse because of the pandemic.
- 60% of employees are working in environments where distractions are commonplace.
- 59% of IT leaders report increases in email data loss since implementing remote working on a large scale.
- 24% of email data-breach incidents were caused by employees sharing data in error.
What role does technology play?
- 79% of IT leaders admit to experiencing difficulties using static Data Loss Prevention (DLP) tools.
- 42% of IT leaders say that half of all incidents are not detected by their static DLP tools.
What has changed?
The thousand-pound gorilla in the room is how remote workers are being affected by the pandemic. “As we approach a year of working from kitchen tables or makeshift offices, it’s time for organizations to consider the human impact of long-term remote working and what this means for security,” said Tony Pepper, CEO of Egress. “In normal times, organizations know that it’s possible for a small proportion of the workforce to feel burned out and tired, or to be dealing with issues in their personal lives.”
“However, our research found that three-quarters of remote workers are currently feeling this way,” continued Pepper. “It is unheard of for entire workforces to be experiencing this level of stress all at once and over a sustained period of time. The risk this creates in terms of security cannot be overestimated.”
The hidden costs of remote working
Pepper suggests the loss of data security is the overarching hidden cost of remote working. The damage caused to businesses from losing company and/or customer data can be significant. “At a time of financial uncertainty for many businesses, data security needs to remain high on the agenda,” mentioned Pepper. “Organizations need to be proactive in providing a safety net for their people to prevent accidental data breaches from occurring, especially while employees are working in these environments of heightened risk.”
One might suggest those concerns are not new, as they have been part of the ongoing struggle to keep data safe. However, three things have changed that make remote users more apt to lose data accidentally:
- Remote working increased reliance on email, particularly for sharing sensitive data. As stated earlier, 85% of employees reported sending more emails, which in turn increases the chance of losing data.
- Also mentioned earlier, 60% of survey participants are working in shared home offices and communal spaces where distractions are unavoidable. Besides confidentiality concerns, distracted employees are more likely to make mistakes that result in loss of sensitive company and or customer data.
- Always a concern: Stress. The Egress DLP paper reports that 73% of survey participants feel worse because of the pandemic. The blurring of work and home life has led to employees working longer in distracting environments.
Brandon Vigliarolo, in his TechRepublic article More than 90% of remote workers report feeling stressed, concurs that stress from working remotely is significant and leads to more mistakes.
Legacy DLP platforms are not helping matters
Managers (79% of those questioned in the survey) noticed the increase in data leakage and rolled out traditional DLP technology to stop the outflow of sensitive data. As noted in the key findings above, outdated DLP technology is not helping. Pepper comments, “It’s clear that legacy DLP tools are no longer fit for their purpose; they’re difficult to use, and because they do not take people’s behavior into consideration, they’re limited in their ability to mitigate the rising tide of email data breaches.”
What’s the answer?
Pepper suggests the answer is what he calls advanced, context-driven human-layer security that can detect abnormal behaviors and alert users to mistakes as they’re happening. “Put simply, it lets workers get on with being productive while keeping them secure at the same time,” said Pepper. “For example, an approach based on advanced human-layer security could employ machine learning technology to alert remote workers that they have attached the wrong file accidentally to an outbound email.”
Employees continue to work in challenging environments, and the lines between work and home life have blurred, both of which increase the likelihood of mistakes being made. Pepper concluded, “Organizations must be aware of these new risks and utilize advances in machine learning to give employees a safety net that can detect and prevent a remote worker from causing an accidental data breach.”