The world is entering the hybrid workplace era, with varying levels of apprehension leading to different types of forward-looking plans of action. A recent Gartner survey discovered that at least 75% of remote or hybrid employees say their expectations of working flexibly have increased. Also, the return to traditional work design could lose up to 39% of workers. We see these results reflected in the intentions and plans of enterprises.
74% of CFOs intend to increase remote work at their organization even after the crisis stabilizes, whereas 48% of employees will work remotely in a part-time capacity.
We are witnessing conversations around reducing on-site workforces in favor of permanent remote positions. Alternatively, an increase in contingent workers on a remote basis to replace full-time workers as a cost-saving measure is also part of the narrative. Invariably, we’re looking at a future where a part of the workforce, some of it fixed, the rest dynamic, will be working remotely in at least a part-time capacity within all enterprises.
The hybrid-work model is here to stay, and enterprises around the world must develop new business designs to suit a flexible and employee-centric work culture, which is secure and compliant.
With the permanence of the hybrid-work model, businesses must be aware of the compliance risks that come along and address the potential physical/insider data threats and issues. For example, financial data or citizen health records have many compliance obligations, and in a hybrid-work model, these are susceptible to theft, fraud, or other malicious intent.
So, what are the factors that give rise to major compliance risks? Broadly these are - lack of secure space to work, access to screen for any unauthorized presence, absence of mindful surveillance in remote work environments unlike secure ODCs, and human error/negligence.
Current state of data safety
Ponemon Institute's 2020 “Cost of Data Breach Study” shows the volume of records that were compromised by data breaches in 2020 increased by 141% to a massive 37 billion, the largest number since 2005. Globally, the average cost of a data breach was $3.83 million in 2020, but the average cost of a data breach in the United States hit an all-time high of $8.64 million.
The study further mentions how, while malicious outsiders contribute to most enterprise security risks and lost data records, negligent remote workforces have led to a 47% increase in insider threats from 2018 to 2020. Negligent employees create ~62% of security incidents, costing ~$307,111 per incident. A lot of this can be attributed to accidental loss of data. A consequence of this is the increase in the cost of insider threats to $11.45 Mn in 2020 from $8.76 million in 2018.
“We discovered in our research that insider threats are not viewed as seriously as external threats, like a cyberattack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever.” — Dr. Larry Ponemon
Enterprises today must urgently prepare for a future where compliance risks are an occupational hazard for all stakeholders. Replicating enterprise security is a tall order to fulfill in the hybrid state of affairs.
Companies have spent a lot to ensure the software side of cybersecurity by enabling solutions like identity protection, endpoint security, and threat protection, etc. However, the physical side of cybersecurity still has not been in as much focus as necessary, especially in the remote work scenario.
At HCL, we are committed to ensuring data security in hybrid working for our customers. And that’s where we have developed a completely home-grown solution, ‘SecureShield’. It addresses major data security and compliance risks in a hybrid work environment. For instance, an unauthorized person viewing the screen, communicating on the phone while the screen is on, clicking pictures of the screen, any other unauthorized activity, or no employee detection while the screen is on.
SecureShield solution protects the identity ensuring only authorized identities are working on the device. It has a face detection capability built into the system, which ensures that no unauthorized person can access the screen. Its AI-based model can detect motion in the screen’s background and thus prevent data loss through shoulder surfing. It can detect prohibited devices. For example, when someone tries to take a picture of the computer screen through a mobile device or camera, it can identify the device and take an appropriate desired action like locking the screen. And finally, as a managed service provider, HCL will provide end-to-end services from assessment to deployment to support.
Additionally, there are flexible deployment options to support a wide range of needs at an affordable price for enterprises, engaging users at different levels to deliver an exceptional experience.
The solution also covers the privacy aspect of users by ensuring the feed from the webcam stays on the device and is not sent to any central server unless there is a violation.
We’re witnessing a watershed moment for our ways of working. Enterprises are done playing catch up with any global phenomenon disrupting our day-to-day lives. The future calls for flexibility and experience-centric workplaces, and employees now accept a sustainable hybridization of their work lives. The onus is now on digital enterprise technologies and their facilitation of the future.
In my next blog, I will be discussing SecureShield features and advantages in detail.
The hybrid future is promising to reinvent our way of work. It’s high time we reinvent our measures of protecting the same!