Corporate data outside the network has always posed a security risk, but with more people working from anywhere, the issue has taken on increased urgency.
Enter remote employee monitoring. The practice of monitoring remote employees has made extensive news in recent years, especially since the first COVID-19 pandemic lockdowns. There is an overall negative perception of the idea, with critics claiming invasion of privacy as the main issue around monitoring remote workers.
Despite the bad rap that remote monitoring has received, there is still a place for it within the modern security strategy. Monitoring remote workers can help detect phishing attacks, detect data loss, and pre-empt insider threats among other benefits. But first, it helps to understand a little about the practice.
What Is Remote Employee Monitoring?
Remote employee monitoring is ultimately what it says: organizations install software on employees who work remotely to monitor their machines. There are two categories of reasons why companies do this. The first reason is to track employee productivity, such as ensuring that workers are active on their machines. The second is monitoring remote workers for security purposes, such as vigilance against insider threats or to prevent social engineering.
Productivity monitoring software is used in certain organizations to verify the activity levels of remote workers. This can take the form of tracking mouse movements, tracking keystrokes, or other actions. Ultimately, the point of productivity monitoring software is to assuage management concerns about the perceived activity of remote workers. These activity-monitoring tools became more popular when companies had to push entire teams remote in early 2020.
The second kind of remote monitoring software secures work-from-home employees against attacks and creates a form of data loss protection. Monitoring solutions with security use cases could include DLP functions such as preventing download of sensitive data and protecting from social engineering attacks. Security monitoring of remote employees can also extend to monitoring for insider threats.
While some security platforms — like Blumira’s all-in-one SIEM + XDR — aren’t considered remote monitoring software, can still detect and provide insight when users are engaging in risky behaviors, like using unsecured password lists. This allows the organization to take preemptive action and remediate.
These two remote employee monitoring use-cases have distinct justifications for why they’re used. Companies that use productivity tracking software often do so because they’re suspicious of remote workers actually working. Security monitoring of remote employees, by contrast, often occurs because organizations imagine that remote workers are more at risk than on-site employees.
The Security Risks of Remote Work
The reality is that remote work can frequently make companies more vulnerable to cyber attacks. The industry doesn’t matter, nor does the size of the company.
Remote work widens the enterprise attack surface, exacerbates existing flaws, and can create troubling new ones. There are five major security risks inherent in remote work.
- Increased reliance on home networks: Corporate security teams spend a lot of time deploying network firewalls as a security layer. These firewalls halt threats at the perimeter alongside other tools that limit traffic to user endpoints. The average home network isn’t running the same grade of firewall or even antivirus software. Even with a company-owned machine, there is little reliability in defense. Unreliable home networks may cause data, applications, or conferences to go offline and bring business to a halt. It’s a paradox: the same technologies that facilitate remote work also threaten cybersecurity and compromise business continuity.
- Expanded attack surface. The average attack surface is larger than most businesses believe. Remote workers expand the attack surface beyond even unknown assets attached to the organization. Every new employee who works remotely adds yet another possible entry point for threat actors to compromise critical data and capture crucial systems.
- Difficulty remediating incidents on remote workstations. Security teams have to use remote desktop tools to remediate incidents on non-local workstations. If there’s a problem on a remote worker’s machine, resolving the issue is dramatically harder than walking over to someone’s desk and re-imaging an affected computer. As a result, attacks last for longer and the damage tends to be worse.
- Strained security resources: Lacking the cybersecurity resources that the average enterprise supplies in-house, remote computers aren’t nearly as secure. Each one is an isolated endpoint that must bear the full responsibility for safeguarding company data, applications, and networks. That’s a lot to ask of corporate workstations, especially when they’re outside of the enterprise-grade firewall.
- Increased susceptibility to social engineering threats: Remote workers could be more at risk of and more susceptible to social engineering attacks. Deepfake voices and AI-written emails means that social engineering threat actors are getting better. Checking in on the veracity of an email is far more difficult in a remote environment than in an office setting.
Despite these security risks with remote work, allowing employees to do their jobs from home is also strongly correlated with increased happiness and higher productivity. Companies would do well to understand these benefits of allowing employees to work remotely. These are important things to consider when making the decision whether or not to monitor remote employees and for what purpose.
Reasons to Monitor Remote Employees
Remote employee monitoring can and does play a crucial role in organizational security. Among the reasons companies should consider implementing a monitoring program includes the need to determine any security incidents on a remote machine. That isn’t the only reason to monitor employees who work from home, though.
- Detect insider data theft – Organizations who monitor remote employees could detect intentional or unintentional data theft from insiders. Many data loss prevention systems include detection of unauthorized usage or data leakage, empowering security teams to quickly track down when insider data theft has occurred.
- Improve operational efficiency – Monitoring remote employees could result in operational efficiency overall. When workers are remote, it’s difficult to determine when they’re overworked or overly stressed. With monitoring tools, organizations can more accurately track how much work each employee has and mitigate workloads.
- Provides productivity data – Probably one of the most prominent pieces of insight in terms of monitoring remote employees is productivity data. Remote monitoring tools frequently track worker activity to ensure that the worker is actively working during the day. If corporations are unsure about whether employees are working or not when they’re remote, they might install monitoring tools to ensure that they can track things like keystrokes or time spent logged in.
- Reveals risky security behavior from employees – Monitoring remote employees can also help surface risky security actions, such as downloading software from illegal sharing sites or insecure data-sharing practices. Companies who monitor remote employees may also surface when their worker visits a potentially malicious website. Ultimately, this monitoring helps secure the organization more efficiently.
- Improves overall visibility – Monitoring remote workers provides visibility throughout more of the organization. When employees were primarily in the office, senior leaders could easily get a sense of the overall progress of the company. As more people work remotely, getting insight into organizational operations is harder. Monitoring tools make this easier.
Risks of Monitoring Remote Workers
Remote employee monitoring has some very big negatives beyond the connotations of the term. Organizations need to understand, should they monitor their remote workers, what the reactions might be to the program. These negatives include:
- Reduced trust – Monitoring remote workers can easily be perceived as surveillance. People view monitoring tools as an invasion of their privacy, and this perception can erode trust between workers and the company. This is a major concern that could lead to worker attrition over time.
- Accidental collection of private information – Remote employee monitoring tools could be inexpertly applied to distributed endpoints. If workers conduct personal business on their company machines, or workers use their personal machines to do their jobs, then it’s possible that remote monitoring solutions would collect private information. This could result in companies unintentionally gathering private medical data or personal financial information. In both cases, companies would be liable if that information was stolen in a breach.
- More data collected than expected – The amount of data collected with a remote monitoring tool could easily balloon to a larger size than expected. This is especially true in the case of click tracking and keylogging software that tracks every single user action and activity. Collecting all this data also creates the risk of substantial noise, reducing the ability of security teams and senior leaders to analyze what they’re expecting.
- Data storage concerns – As with any data collection, the concern of where to store this data is a very real one. Remote monitoring tools gather extensive telemetry, and all that information needs to be stored somewhere. If you’re storing it in a cloud database, then that’s more money paid to your cloud provider. If you store the data in an on-premises server, then you have to pay other fees. In either case, there is the concern of paying an increasing amount of money to store this information.
6 Remote Employee Monitoring Best Practices
For many organizations, remote employee monitoring still makes a lot of sense. There might be a higher incidence of insider theft, or a concern about advanced attacks from threat actors. It is possible to monitor remote workers efficiently and effectively, without running afoul of too many of the negatives of monitoring. There are a few key best practices to be aware of when it comes to your remote employee monitoring strategy:
- Blend policy and technology best practices – The best remote monitoring efforts blend policy and technology. There are many technologies that can be purchased to monitor remote workers, but there needs to be a strong policy in place as well. These policies should cover data collection and retention rules, among other policies.
- Determine why you want to monitor remote employees in the first place – Deciding to monitor remote workers isn’t enough. Prior to implementing remote monitoring, there needs to be a clear reasoning for why to monitor employees. If the problem is ensuring productivity, decisions should be made along those lines. If monitoring needs to occur because of security concerns, that’s fine too. Regardless, starting to monitor without having a clear vision of what and why creates the risk of gathering too much data too quickly.
- Create a clear monitoring policy – Companies need to create and communicate clear remote employee monitoring policies that define what is and isn’t collected as well as how long the data is retained. With a clear policy, employees can understand what data is being collected and why. More importantly, workers could come to accept monitoring as long as the policy is followed.
- Track & record user activity only during regular working hours – To avoid accidentally collecting personal information, companies should only conduct remote monitoring either on corporate devices or during regular working hours. Collecting data during work hours means that only work-related information is gathered for analysis.
- Focus on outcomes and clearly communicate expectations – Companies implementing remote employee monitoring policies need to focus on their goal with putting remote monitoring in place. Are they seeking to protect against insider threats? Do they want to ensure employee productivity? Clearly communicating the expectations to remote employees is critical as part of a monitoring policy.
- Communicate, communicate, communicate – Organizations need to clearly communicate when they implement remote employee monitoring. Not doing so can breed mistrust among employees, especially as activity and security data is collected remotely. Transparency with the employee base helps to counter the distrust bred by remote employee monitoring.
Improve Remote Work Security with Blumira Agent
Blumira Agent provides easy-to-use endpoint security for SMBs to detect and respond to Windows cybersecurity threats. Blumira identifies attacker activity early so small IT teams can quickly isolate devices, containing threats like ransomware to prevent a data breach. Our SecOps team is available 24/7 for help with any critical priority issues.
Blumira Agent makes remote work security easy with:
- Security coverage for work-from-home employees using Windows devices
- Broader visibility into remote endpoint risks; detect and quickly remediate Windows threats
- Ability to isolate compromised devices to contain the spread of ransomware
- Frictionless installation in minutes requires no sensor or on-prem infrastructure
Want to see Blumira Agent in action? Request a demo.