informa

Cybersecurity In-Depth

4 min read
article

Be Flexible About Where People Work — But Not on Data Privacy

If your policies don't keep up with your work models, your company's sensitive information could be at risk.

Return-to-workplace dates may still be in flux, but it's clear that hybrid and remote work is here to stay.

Major companies like Apple, Google, and Salesforce have said they plan to adopt a hybrid work model, requiring employees to be in the office for at least part of the week. Others, like Twitter and GoPro, have said they will allow employees to work remotely full time. At 3M, our new "work your way" policy gives non-production staff flexibility to create a personalized work plan that best suits them.

Hybrid and remote work hasn't just provided business continuity during the pandemic — they have made people more productive. They have also become a priority for employees. More than half of employees globally now say they will consider leaving their jobs if their employer doesn't provide post-pandemic work flexibility.

But hybrid and remote work doesn't happen only in the privacy of people's homes. It happens in public places like coffee shops and hotel lobbies. These locations present privacy risks that your company today may not address, such as unsecured public Wi-Fi networks and possible exposure of company secrets on workers' screens.

This is why any decision about the future of hybrid and remote work in your company must answer the question: How will we maintain control of the privacy of our sensitive and confidential information?

Policies Falling Behind
You don't need to tell IT or IT security managers about the potential risks of hybrid and remote work. About two-thirds of them already say they're very concerned that prying eyes will see sensitive information on those workers' screens, according to a recent Ponemon Institute survey sponsored by 3M.

The challenge is that policies aren't keeping up with how — or rather where — work is done today. In the same Ponemon Institute survey, only 40% of business managers say their organization has increased privacy policies since switching to hybrid and remote work.

If your company does address data privacy outside your organization's four walls, odds are good it's in a travel policy. And prior to the pandemic, that policy may have only applied to specific subsets of your workforce, like sales teams and executives.

Today, a much larger portion of your workforce is likely working a hybrid or remote schedule. And it only takes one simple mistake — like a worker stepping away from their laptop at a café to grab their lunch or working with their screen exposed to onlookers — to put your company's sensitive information at risk.

Clearly, what's needed isn't an updated travel policy but rather an entirely new remote-work policy.

Managing Remote Risks
So what should a remote-work policy address?

Because hybrid and remote work might be new to many of your employees, a good place to start is training and awareness.

These efforts should focus on educating employees about remote-work risks, the importance of visual privacy, and the need to always be aware of their surroundings in public or shared workspaces. Your training and awareness efforts should also outline the privacy safeguards all hybrid and remote employees should use.

When it comes to specifying safeguards in your policy, keep in mind that hybrid and remote work isn't always done in isolation.

According to the Ponemon study, an average of 40% of organizations' hybrid and remote workers spend time in coffee shops and shared workspaces. Even when employees are working from home, privacy isn't always possible. Only about one-third of business managers in the Ponemon study say they can prevent others from seeing their work at home.

This is why a mix of risk-mitigation technologies is so important. Yes, IT security tools are needed to help detect and prevent network-based risks. But you also need to consider in-person risks — the bad actors and curious snoopers who can capture sensitive information on an employee's exposed screen with a quick glance or discreet tap of a smartphone camera.

For these on-screen risks, privacy filters for notebook and monitor screens can help mitigate these physical privacy issues. The filters blacken out the angled view of onlookers, while providing an undisturbed viewing experience for the device user.

Settling Into the New Normal
Hybrid and remote work will be with us as we continue to manage through a global pandemic and after we've reclaimed some sense of normalcy. With the right policy and protection measures, your company's employees can enjoy the many benefits that remote work has to offer while managing the privacy risks that come with it.