Talent recruiting and retention challenges, continued COVID-19 protocols, work/life balance rethinking, and real estate cost savings, are among the major reasons why companies maintain a remote work culture. To implement or expand remote work, technology platforms of all kinds were either purchased or upgraded in record numbers and in response to the data flow demand caused by talent working across borders.
Decentralizing of technology platforms to accommodate the worker’s locations has led to increased cybersecurity protections, however breaches and violations remain a challenge. The origins are not criminal, they’re human nature. And their intention is not to hurt, but rather a reaction to work/life stress.
A Harvard Business Review study surveyed 366 remote work professionals to self-report on daily cybersecurity policy requirements coupled with daily stress over a two-week period in summer of 2021. The study concluded 67% of the participants failed to fully follow cybersecurity policies at least once, with an extended failure rate of one out of every 20 work assignments. When the researchers asked why, the participants listed “to help others get their work done,” “to better accomplish tasks for my job,” and “to get something I needed,” which made up 85% of the answers.
“It has been a challenge. Companies have been hit with the burdens of complying with Covid protocols and exigencies and often a decimated workforce attendance-wise, while cybercrime has proliferated and become more sophisticated, making cybersecurity even more important,” says John C. O’Connor, Partner and Litigator with FordHarrison, who specializes in Contingent Workforce law and compliance. ”To make matters worse, the increase in the rate of employee turnover taxes training and monitoring resources and a physically remote workforce makes monitoring and training more difficult. A lack of clear and effective data protection policies and procedures that may permit employees to work from a number of different devices makes monitoring more difficult as well.”
The study concluded that the cybersecurity breaches were intermittent and not repetitive, which demonstrates that outside factors such as stress causes the non-adherence in protocol. Meaning, a compliance step was taken one day but on another was bypassed because of a stress related factor. The researchers stated that these non repetitive instances were likely caused by family conflicts during the work day, job security fears, and the cybersecurity policies themselves, which may have been considered new and required a best practices learning curve.
“I expect that the frequency and severity of cybersecurity policy violations by contract workers at companies that have clear and effective cybersecurity policies and monitoring with structured work environments – remote or otherwise – will decrease as the distractions of the last two years subside and training and education improve in this area,” says O’Connor. “For companies unwilling or unable to invest in such effective measures, the increasing proliferation and growing sophistication of the cyber criminals is likely to lead to a worsening situation. As the Great Resignation continues, contract workers are also likely to have less incentive to comply with less personal investment in their future with the company.”