The shift towards remote work has revolutionised the way we approach our professional lives. In Australia, since the COVID-19 pandemic, working from home has not only become a common practice but also a growing expectation. Job applicants are increasingly interested in roles offering the flexibility of remote work, and some recruiters now say that if working from home isn't included in employment contracts, many applicants are not interested in the job. While this change provides numerous benefits, it also comes with a new set of risks, especially those related to insider threats.

The Appeal of Working from Home

The adoption of remote work has allowed businesses to maintain operations despite lockdowns and restrictions. For many employees, working from home offers a more flexible and comfortable environment, contributing to a better work-life balance. In Australia, it has become so attractive that some job seekers may decline offers without this option.

The Growing Insider Threat

However, the remote working environment has also created new challenges for organisations, particularly concerning insider risks. Insider threats, which involve risks from employees or contractors within an organisation, have become more pronounced with the shift to remote work.

Dual Employment: A Case Study

A recent example illustrates a situation where an employee was detected having two jobs at the same time and performing poorly in both. This case exposed the difficulty in monitoring employee commitment and the real possibility of conflict of interest. Traditional in-office environments would likely have caught this behaviour earlier, but remote work allowed the individual to exploit loopholes.

Performance Monitoring: An Insurance Company's Example

Another recent detection involved an employee at a large insurance company in Australia who was found to be typing only an average of 34 keystrokes an hour over several months. The employee challenged their dismissal in court and lost. It has now been held many times that employers have the right, and indeed should, monitor employees. This incident underscores the necessity for careful oversight of employee activities, even in a remote setting.

The Right to Monitor Employees

The transition to remote work has led to an increased need for monitoring employee activity. Employers must ensure productivity, secure proprietary information, and maintain the overall integrity of the organisation. However, it's also paramount that employees are notified that they are being monitored and understand the reasons behind it.

Ethical Considerations

Transparent communication is essential in building trust between employers and employees. Clear policies and guidelines should be established that outline what will be monitored and why. Without such transparency, remote monitoring could easily lead to a breakdown in trust and morale.

Strategies to Mitigate Insider Risk

Organisations can adopt various strategies to reduce insider risk in the remote working environment:

  1. Clear Communication: Explicitly outline remote work policies, expectations, and monitoring practices.
  2. Technology Solutions: Implement tools that allow for secure, efficient monitoring while respecting employee privacy.
  3. Regular Check-ins: Maintain regular communication with remote employees to foster engagement and accountability.
  4. Legal Compliance: Ensure that all monitoring practices adhere to local laws and regulations.

In Summary

The shift towards remote work in Australia and across the globe has created a new landscape of opportunities and risks. While the appeal of working from home continues to grow, organisations must be vigilant about the potential insider threats that can emerge.

By leveraging comprehensive monitoring practices, fostering transparent communication, and implementing appropriate technology solutions, employers can effectively navigate this new environment. However, striking the right balance between oversight and trust will be crucial in maintaining a productive and positive remote work culture. The recent examples of dual employment and the insurance company case have provided valuable lessons and precedents. They serve as a reminder that insider risks are real and that both monitoring and ethical considerations are vital components in a successful remote working strategy. In the rapidly changing world of work, adaptability and awareness are key to mitigating the risks while reaping the rewards of this new frontier.

Christopher McNaughton

Strategic Advisor, ShadowSight

Who is Christopher McNaughton

Chris is a proficient problem solver with a strategic aptitude for anticipating and addressing potential business issues, particularly in areas such as Insider Threat, Data Governance, Digital Forensics, Workplace Investigations, and Cyber Security. He thrives on turning intricate challenges into opportunities for increased efficiency, offering pragmatic solutions derived from a practical and realistic approach.

Starting his career as a law enforcement Detective, Chris transitioned to multinational organisations where he specialised and excelled in Cyber Security, proving his authority in the field. Even under demanding circumstances, his commitment to delivering exceptional results remains unwavering, underpinned by his extraordinary ability to understand both cyber and business problems swiftly, along with a deep emphasis on active listening.

What is ShadowSight

ShadowSight is an innovative insider risk staff monitoring tool that proactively guards your business against internal threats and safeguards vital data from unauthorised access and malicious activities. We offer a seamless integration with your current systems, boosting regulatory compliance while providing unparalleled visibility into non-compliant activities to reinforce a secure digital environment. By prioritising actionable intelligence, ShadowSight not only mitigates insider threats but also fosters a culture of proactive risk management, significantly simplifying your compliance process without the overwhelming burden of false positives.