One of the most significant changes to our daily habits in the COVID-19 era has been the transition for many workers from working in an office to “Work From Home” (WFH). More than 60% of US employees now work remotely at least part of the time, with similar numbers in the UK. These statistics actually continue a trend that started before COVID. 99% of workers expressed the preference to WFH before the pandemic, and 99% would like to keep working from home at least part-time after it is over, and for the rest of their career.
Employees list many benefits to WFH, including flexibility, better work-life balance, and more. From the employers’ perspective, WFH saves money on office space, allows more hiring flexibility, and improves productivity. But these benefits come with challenges. 40% of companies that transitioned to WFH have reported an increase in cyberattacks. Employees using remote work environments which are out of the employer’s control, especially VPNs, is all the incentive hackers need. Threat actors exploit weaknesses in end-users systems to attempt to install keyloggers, viruses, and ransomware. All of these can steal corporate data, decrease productivity, and cost employers considerable time and money to remediate. Remember, even if your remote workforce is connecting through a VPN you control, if their endpoint does get infected, there’s still a risk that by using keyloggers and screenshots, your corporate data can be compromised even if threat actors don’t directly access your network.
Between a rock and a hard place: The impossible choice of WFH
There are two common approaches to WFH security, each one presenting certain advantages and disadvantages.
Approach A: Providing corporate laptops to employees with virus and other malware protection that your IT department approves already pre-installed.
Pros: This is the most intuitive solution, as it creates a more controlled work environment by using partially-managed devices.
Cons: First, if your organization has not been working with laptops up until now, purchasing and delivering them to all of your remote employees would be quite expensive and create a logistical challenge. You would also need to provide remote support services.
Second, this is only a partial solution since the employer-provided devices are connected to each worker’s home network, which is unlikely to have proper cyber protections.
Approach B: Allowing employees to work with unmanaged personal devices and requiring them to install approved security software.
Pros: Compared to the previous approach, this option is relatively cost-effective. Employees can keep working with the devices they already own.
Cons: The high complexity level is still a problem. Many security solutions require an elaborate implementation process that would have to be performed remotely by employees who may be less tech-savvy.
But the main issue has to do with user privacy. Home PCs are used for employees’ personal needs, and security software would monitor all activity on the remote computer, including some that household members would not feel comfortable sharing with their employer. This may create trust issues between employees and employers, potentially damaging the company’s employee satisfaction and retention rates.
It’s important to understand that even if employees aren’t expressing such discomfort, it doesn’t mean they’re OK with this approach. Many are completely unaware of the user privacy issues (but will soon learn about it from their colleagues), while others are afraid to stir the pot in today’s uncertain climate.
The best of both worlds: Install-free Remote User Protection
Which of the above approaches should CISOs choose? Neither. There’s no reason to settle for a solution that harms the company’s security or employee’s privacy. The most cost-effective, user-friendly, and safe approach allows employees to work with their own device and network of choice while protecting them and without installing any software. Minerva Labs protects your systems from the threat of unmanaged devices.
The best part is that there’s nothing employees need to do to implement the solution. They won’t even have to even reboot their device. The lightweight Remote User Protection agent is activated when the VPN session begins and stops when it ends. It’s simple, cost-effective, and secure.
Minerva Labs offers a Remote User Protection solution that maintains the highest security level throughout the entire VPN session while meeting the specific user-privacy needs of remote workers.
Cybersecurity and user privacy are both too critical to be compromised in any way. A solution that asks you to put one of the two at risk is no solution at all. Take the first step towards offering the best option to your company and employees, and book your demo now.