A rise in the use of monitoring software is causing a rise in UK employees using their own devices for work, rather than ones provided by their employer, to avoid surveillance. With remote working set to stay for many of us, ethical concerns around installation of surveillance software are paving the way for a rise in shadow IT in the months and years to come.
A survey of 2,000 full-time workers in the UK, conducted almost a year since COVID-induced working from home measures were implemented, has revealed management personnel (38%) and employees’ (62%) thoughts around the transition to remote working, the level of trust that exists on each side, and their feelings around the use of surveillance tools to monitor working from home activity. It is estimated that 60% of the UK’s adult population now work from home.
More than one-third (34%) of workers said they felt that employer monitoring has increased since the start of the pandemic. While almost a quarter (24%) didn’t report any negative upshots to this development, 32% revealed that the use of monitoring tools would make them less trusting of their manager or team leader, 30% said they would be upset at the invasion of their privacy, and 23% would be concerned about potential access to their personal information via this software.
Common access points available to employers who have installed surveillance tools include email monitoring (16%), internet and app usage (15%), phone use (12%) and even location tracking (9%). And, following a year in which the lines between personal and business lives have blurred, this is pushing some workers to take their work activities off the grid and out of sight. Across the full sample of respondents – some who already have monitoring software installed, and some who don’t – almost one-third (31%) would be likely to use personal devices more often for work if they were being monitored.
For employees, the perceived invasion of privacy would cause some to take further steps – to raise a formal complaint with an independent body (26%), or even leave their current job (24%). For employers, however, a more immediate concern is how increased shadow IT activity, where workers are using unapproved devices to conduct business tasks, might make their own networks and infrastructures more vulnerable. The proliferation of cyber-attacks has risen dramatically over the past year as opportunists have looked to capitalise on more dispersed and potentially unprepared setups. The risk of people now managing and working with data outside of the corporate network, on personal devices, is something that team leaders will look to prevent quickly.
David Emm, Principal Security Researcher as Kaspersky, said: “Given the drastic working routine changes that everyone has gone through over the last year, it’s understood that some employers might use monitoring tools. They can’t recapture the same office-based levels of accountability otherwise. However, there is likely to be a tipping point for many workers, and this study has already shown that if businesses go too far, employees may take their entire at-home activities off the corporate radar.
“Employees working on their own devices creates shadow IT, which presents an immense risk to businesses. With more than 90% of all cyber breaches caused by human error, companies must have complete oversight of how their IT systems and hardware are being used by remote workforces, and so must carefully balance their monitoring activities. Without knowing what devices are potentially in contact with a business’s data systems, IT and cybersecurity teams have great difficulty anticipating how company data can be potentially compromised, sold on, or even held for ransom.”
At present, 80% of managers say they trust their staff to work effectively from home, while just over half (54%) of workers say they feel trusted. Businesses should be striving to maintain and improve this balance as they continue to feel their way into the new remote working world.