A recent Kaspersky study found that 61% of employees don’t feel isolated while working remotely, indeed, 37% of remote workers manage to communicate even better with their colleagues this way. The extensive use of non-corporate communication services enables better connections but increases the level of risk from unmonitored IT resources.
During 2020, people and organizations have been through many changes. The epidemiological situation and subsequent lockdown restrictions around the globe seriously affected the communication aspect of people’s private and working life. The new conditions created different challenges, and social isolation along with a lack of communication with colleagues – these were among the most discussed concerns for remote employees.
Kaspersky surveyed 4,303 IT workers from 31 countries to learn how businesses and people have managed to adjust to the new reality and how the new work formats correlate with employee wellbeing in the long-term. While the majority of employees have successfully transitioned to the digital communications era, a substantial number of respondents couldn’t adopt the remote way of life and still feel isolated (39%) while working at home. Given the fact that loneliness contributes to employee burnout, not less than other demotivating factors like exhaustion and anxiety, this statistic should be a matter of concern for business executives.
One reason for better connections formed with colleagues, reported by more than half of employees, could be the extensive use of non-corporate communication services that have increased according to the survey. Communicating for work purposes via non-corporate email services has risen from 67% to 69%, non-corporate messenger use has risen from 61% to 64%, non-corporate resource planning software from 42% to 45%, web-conferencing platforms from 83% to 86%, and social networks from 67% to 70%.
The problem is that less formal interaction between colleagues via non-corporate means does not only facilitate the communication and give the feeling of being connected but it also increases cyber-risks for the company. The so-called ‘shadow IT’ services are not deployed and controlled by corporate IT departments and could be potentially dangerous.
“People usually use additional tools for good reasons. And there is nothing wrong with employees trying to make their work and communications more convenient. Of course, non-corporate services or applications are not necessarily malicious (though this is possible too). Shadow IT solutions don’t let security or IT specialists gain the complete picture of the company’s digital infrastructure. That situation results in increased risk because defenders don't consider unsanctioned tools when developing threat models, data flow diagrams, and planning. IT departments also don't control access to shadow services and employees can compromise valuable corporate information such as by adding new members to an unauthorized work chat or not deleting former coworkers from it. Among other worrying aspects are careless utilization of unpatched apps or wrong privacy settings which lead to data leakage. Moreover, handling personal information via unreliable services causes fines for regulatory requirement violations,”- explains Andrey Evdokimov, Head of Information Security at Kaspersky.
Kaspersky shares the following recommendations to help businesses enable secure communication opportunities for their employees:
- Provide clear guidelines on the usage of external services and resources. Employees should know which tools they should or shouldn’t use and why. If they want to use new software for work, there should be a clear procedure of approval with IT and other responsible roles.
- Encourage employees to have strong passwords for all digital services they use.
- Set up an access policy for corporate assets, including email boxes, shared folders, and online documents. Keep it up to date and remove access if an employee left the company. Use cloud access security broker software that helps manage and monitor employee activity within cloud services and enforces security policies.
- Conduct basic security awareness training for your employees. This can be done online and should cover essential practices including those that protect against phishing, such as account and password management, email security, endpoint security, and web browsing.
- There are dedicated tools which provide visibility over cloud services and employees can access from corporate devices.