Font Size: A A A

Home > News > Interviews > Sweet spot between surveillance and shadow IT

Interviews

Sweet spot between surveillance and shadow IT

Companies can’t let monitoring software force remote workers off the grid, says Chris Hurst, General Manager of Kaspersky UK and Ireland.

How can employees be trusted, and supported, when they’re not in physical sight? It’s a question that has plagued bosses and decision makers for years now, potentially also delaying the widespread rollout of remote working. In fact, prior to 2020, it was reported that 80 per cent of organisations were still yet to implement a remote working programme. All that has changed during a subsequent year where businesses have been left with no option but to place their trust in a dispersed workforce. But to what extent has this new dynamic been forced, and what is that employee trust based on?

Over the past year, since the onset of COVID, 44pc of the UK’s pandemic-forced home working contingent have had monitoring software installed on company-provided devices, as a way for bosses to ensure accountability when not in the office. During the period, almost a quarter (24%) of that same group have subsequently admitted to using their own devices to avoid such surveillance.

Already, that notion of ‘trust’ is a fine line. And after a settling-in period, businesses must now re-evaluate their levels of monitoring to avoid a longer-term breakdown of trust, that might lead to increased use of devices not protected by the corporate infrastructure. In essence, shadow IT can’t be the cost of surveillance.

Forced into hiding

At first glance, all seems right with this new world. A study of 2,000 full time workers in the UK – across both management and employee levels – has found that the relationship between bosses and workers remains strong despite the upheaval and drastic levels of change for some. In fact, almost two-thirds (64pc) of employees and employers confirm this trust from one to the other.

This comes from an initial understanding that the pay-off for greater work-life flexibility may indeed be device surveillance, and it’s equally understandable that the extent of such monitoring would rise in tandem with the past year’s transition. But given that this monitoring now transcends emails, internet and app usage, phone use, and even location tracking, businesses must also keep in mind the ramifications of overstepping the mark, and forcing their staff into hiding.

Switching between corporate and personal devices for each of their intended uses is one thing, but findings show that 31pc of UK workers would likely use a personal device more for work purposes if they were being monitored by an employer. Put simply, the more invasive the monitoring becomes, the less receptive employees become to the idea of being watched at all.

Walking the tightrope

To begin with, employees veering towards shadow IT may have been out of ease or convenience, to not have to keep switching between personal and business use. But there does also seem to be a genuine aversion to the idea of being monitored to such a broad extent – a prospect epitomised by respondents feeling less productive (24pc) or less creative (25pc) as a result of surveillance software being used.

More worryingly, nearly a quarter (24pc) of workers would be likely to leave their job if they felt their privacy was being invaded, leaving employers in a tricky position, and potentially walking a tightrope of trust. It’s a tightrope businesses can’t afford to fall off either. On the one hand, given the speed in which the past year’s events have unfolded, to allow complete independence among the home working contingent, with no account of work patterns, productivity levels or task stats, would be to lose critical insight and – in some cases – control. On the other hand, if workers do go into hiding and begin to use personal devices to avoid any such accountability, then security becomes even more of a concern.

The latter scenario of shadow IT opens the door to cybersecurity vulnerabilities at their most pressured moment. The threat of attacks has massively increased as a result of the remote working transition, as opportunists have capitalised on network transformations and – most aptly – employee error. And that’s why organisations must strike the appropriate balance between accountability and invasion in their surveillance efforts.

The need for an open dialogue

More than a third of respondents believe that the monitoring of employees has increased within their company since the start of the COVID-19 pandemic. And despite the initial strong levels of trust being voiced, we’re already seeing that workers are not far away from slipping into bad habits as this trend increases – especially if they feel the pendulum swinging too sternly towards ‘spying’, rather than ‘monitoring’.

This shows that it’s a fine balance that businesses must address soon. The remote working dynamic looks set to stay long beyond any impacts of the pandemic, and an open dialogue needs to be formed to establish a level of surveillance that workers deem acceptable in the long-term. However, this negotiation needs to occur while also affirming that escaping to personal devices to carry out work projects is never a safe response.

By having this conversation, now, and finding this sweet spot between surveillance and shadow IT, the positive relationship that exists following the most challenging of years can still certainly be maintained. And businesses’ newly liberated workers can continue to thrive without becoming a cybersecurity danger.


Tags

Related News