Flexible Work Environments and Cybersecurity: What Should Businesses Do?

It’s not rare to see “flexible work schedule,” or something of that nature, under the “perks” section of a website’s careers page. What is generally meant by this is it’s okay for employees to leave in the middle of the day to visit the dentist or work from home when the car needs to be taken to the mechanic. The point is, it’s more important that you do quality work than when you do it.

As someone who works for a company with a flexible schedule policy, this certainly feels like a perk to me. Being able to work from home every once in a while to take care of errands makes my life easier.

My employer benefits from this flexibility, too. When I need to be out for a day, I’m not incommunicado. My phone is still in my pocket, so if something comes up, a coworker just needs to shoot me a message and I can hop on my laptop to take care of an urgent task. The only potential downfall here is that the convenience offered is really only if I am at home. Public hotspots are risky. Working at the local coffee shop sounds good, but the possibility of exposure to a world of insidious hackers is real.

A report from Pew Research shows just how seriously the issue of cybersecurity needs to be taken (and how rarely it is taken seriously). According to the report, 64 percent of Americans have experienced some sort of “major data breach.” This could mean credit card fraud, stolen account numbers or compromised passwords.

Along with widespread victimization, the report notes that most Americans don’t follow the best cybersecurity practices, subjecting themselves to cybercrimes. Only 3 percent of internet users claim that password management software are the technique they rely on most, while 83 percent of users say they rely primarily on either memorization or writing passwords down on a piece of paper. Unless the lion’s share of Americans have minds like Rain Man, that means people are only using one password (or slight variations to one password) for all of their accounts. That being the case, the breaching of one account exposes the user’s entire digital life to hackers.

How do these numbers apply to corporate America?

This graph from the Harvard Business Review sheds some light on that question:

When looking at the amount of companies that at least tolerate bring your own technology (BYOT), it becomes clear that when individuals put their personal devices in danger, they’re also compromising their employer’s network. After all, any work-related data that an employee accesses on his or her personal device is then accessible for whoever hacked their device.

Given the amount of precious data a company might possess, and how hackable that data is when cybersecurity isn’t taken seriously, it’s time we stop playing fast and loose with our data.

What can businesses do to secure their data?

Pew also reports that “cybersecurity is not a top-of-mind worry for most Americans.” Sixty-nine percent of internet users claim they do not worry about how secure their online passwords are. This stat certainly flies in the face of the 64 percent of Americans who have suffered some sort of data breach.

It’s clear that cybersecurity can’t or won’t be dealt with adequately on an individual level. Because of this, businesses need to figure out how to tackle the issue without relying on the personal responsibility of its employees.

Perhaps the answer is a culture change. If employers tighten the reigns on the flexible work culture and disallow the practice of BYOT, cybersecurity would be a much easier problem to solve. If you really wanted to take cybersecurity seriously, you’d tell your employees not to take their work with them.

Of course, this idea isn’t going to happen anytime soon, but not because it’s not sensible. If you read this and feel ending flexible work is an overly cautious reaction to the rise of cybercrime, it’s likely because you’re not taking cybersecurity as seriously as you should. After all, cybercrime has become a trillion-dollar industry that is now more lucrative than the drug trade.

The truth is, if you’re scoffing at major culture changes in the interest of cybersecurity, you probably just haven’t been hit yet.

An Addendum

From fellow G2 Crowd Research Specialist Grace Pinegar:

My esteemed cohort and natural-born skeptic Kevin has presented an idea abhorrent to me: that we should do away with work-from-home days.

I understand his point. It’s one thing for a dubious individual browsing parallel on a coffee shop network to find you doing research for an upcoming French term paper. It’s another situation entirely should they find you opening classified work documents that feature contact information, bank statements and copies of employee identification.

But this idea to completely halt remote activity—to stay away from in-flight wireless networks or to use data only from your personal hotspot at a hotel—completely discredits the transferrable, connective lifestyle the modern workforce has grown used to. 

I propose awareness, company-wide remote best practices and proactivity. We’ve made ourselves vulnerable to some sketchy situations, not by choice, but by lack of protective behaviors. Should you wish to continue in the coffee shop office you’ve grown to love, follow a few steps for extra security.

First and foremost, don’t access vulnerable documents on a network you don’t trust. If you’re going to work remotely for a day or week, try to schedule out projects that don’t compromise personal or financial information. Use email through web browsers as opposed to their desktop applications. Check your bank app through your phone’s data, and not a wifi network.

Ensure the network you’re on truly belongs to the location you’re at. Ask baristas and concierges for the official login information, instead of taking your best guess.

If these things cannot be accomplished, take extra steps to secure your devices. Turn off file sharing, screen sharing, printer sharing, internet sharing and bluetooth sharing. All of the sharing. Deactivate network discovery so others can’t find your device on a public network, and ensure your computer’s firewall is turned on. Depending on the type of device you’re on, these settings can be applied anytime the user declares they are on a public network.

For advanced security—such as for an IT professional who absolutely has to put in some work hours while away on vacation—consider helping employees establish a virtual private network (VPN). A VPN can make an IP address appear as though it’s somewhere it’s not, effectively shielding users from nearby prowlers.

Personally, I’m into working from home. And unless my company vows to replace this flexible policy with a mandated in-office pajama day, I plan to take the proper security measures to ensure this can still happen.


To learn about other cybersecurity topics, click here to read other security-related articles.