Mass Monitoring of Remote Workers Drives Shadow IT Risk
Nearly half (44%) of UK remote workers have had monitoring software installed by their employer, but the trend is pushing many into more insecure practices, Kaspersky has warned.
Around a year after the pandemic forced a majority of UK employees to work-from-home, the Russian AV vendor polled 2000 full-time staff to understand levels of trust among managers and employees.
Monitoring software can be an important bulwark against non-compliant and risky user behavior, especially given the large percentage of incidents that are caused by human error. Kaspersky cited monitoring of email, internet, app and phone usage as well as location tracking as increasingly common for employers to deploy on remote endpoints.
However, a third (32%) of workers polled for the study said that the use of monitoring tools would make them less trusting of their manager or team leader, and a similar number (30%) said they would be upset at the invasion of their privacy. Around a quarter (23%) said they would be concerned about potential access to their personal information via this software.
Yet even the perception that they are being watched may ironically force remote workers into more risky online behavior.
A quarter (24%) of employees polled said they use personal devices to avoid being spied on, while almost one-third (31%) said they would be likely to do so more often for work if they knew they were being monitored.
Some said they would raise a formal complaint with an independent body (26%), or even leave their current job (24%) if they found out they were being monitored.
Kaspersky principal security researcher warned that if organizations’ risk management of remote workers goes too far, there could be damaging consequences.
“Employees working on their own devices creates shadow IT, which presents an immense risk to businesses. With more than 90% of all cyber breaches caused by human error, companies must have complete oversight of how their IT systems and hardware are being used by remote workforces, and so must carefully balance their monitoring activities,” he argued.
“Without knowing what devices are potentially in contact with a business’s data systems, IT and cybersecurity teams have great difficulty anticipating how company data can be potentially compromised, sold on, or even held for ransom.”