An overwhelming majority of American business leaders believe that the risk of a data breach is higher when employees work remotely, a grave warning that comes on the heels of intelligence secrets being stolen from home computers.
According to a June 20 study by Shred-it, 86 percent of corporate executives and 60 percent of small business owners believe that the risk of a data breach increases when employees work out of the office.
“Employees working remotely can expose businesses to both physical and digital breaches, so it is important to have policies and safeguards in place,” the report said.
The report found that 69 percent of corporate executives and 71 percent of small business owners attribute data breaches to employees through accidental error and human loss. Business and government leaders have ramped up their focus on the “insider threat,” or belief that employees are the biggest risk to a company’s information security.
In October 2017, Russian hackers stole sensitive information from a National Security Agency contractor who stored the secrets on his home computer, according to the Wall Street Journal. The hackers allegedly penetrated the contractor’s computer through anti-virus software from Kaspersky Labs.
“There are several surveys that confirm that no matter how much an organization spends on technology, the single most important point of vulnerability in an organization remains its employees,” said Imran Ahmad, a lawyer at Miller Thomson LLP, in the study. “To avoid issues, employers should consider what type of access each employee should have when working remotely.”
To bolster security while working remotely, the report suggested evaluating third-party access and limiting types of information that can be used out of the office.
Still, it might not be enough. Companies and government agencies should assume that external networks contain hostile threats, according to a report from the National Institute for Standards and Technology.
“Organizations should assume that telework client devices, which are used in a variety of external locations and are particularly prone to loss or theft, will be acquired by malicious parties who will either attempt to recover sensitive data from them or leverage the devices to gain access to the enterprise network,” the NIST report said.
“Options for mitigating threats of loss or theft include encrypting the device’s storage, encrypting all sensitive data stored on client devices, or not storing sensitive data on client devices.”
The warnings come as more federal employees are teleworking. Telework participation increased to 51 percent of all eligible employees in 2016, according to a recent government report (using the latest data available).
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.