The pandemic brought rapid technological change that has impacted almost every aspect of the workplace, and nearly everyone in business can feel it. In a 2021 survey of business leaders, more than three-quarters said the workplace management of employees has changed.
But few business leaders have yet to reckon with the full implications of these changes, particularly when it comes to data privacy. COVID forced more companies than ever before to embrace a digital-first strategy. This hasn’t just changed how businesses operate; it has also forever altered the social contract between employer and employee. Every employee’s data privacy must now be a top concern for employers, and employers must recognize that failing to protect their employees’ data privacy exposes their business to unprecedented risks.
Today’s Cybersecurity Risks
One of the main drivers of this shift in the social contract is simply the proliferation of digital devices. Today’s employees have a range of different digital devices, both professional and personal, that they use to connect to both work and home networks. As a result, there’s no longer a clear boundary between the office and the wider world of Internet connectivity—and that means every employee’s personal digital footprint poses a risk to his or her employer.
There are a couple of ways that risk manifests. One of the main ones involves employees’ no longer being able to keep business documents and files separate from home networks and personal devices, meaning any vulnerability in their personal digital identities automatically exposes their employer’s sensitive information. Eighty percent of employees now work from home using personal devices, and, according to Cisco, almost half of employees have reported transferring files between their work and personal computers.
But the scope of this exposure cannot be overestimated. Every social media post, online shopping account, or video streaming website visit generates data that is easily stolen and repackaged to launch a phishing attack, perpetrate an identity scam, or steal a password. And because 48% of employees use the same password for their work and personal accounts, there’s almost no way to keep these vulnerabilities from impacting enterprise security.
Many employers are still unprepared to address these challenges. It’s small wonder that, according to one report, the number of data breaches jumped 68% last year to the highest total ever recorded. And almost all of these attacks were the result of successful phishing scams, a kind of cyberattack that can leverage even the slightest data vulnerability to dupe and deceive an employee.
A Proactive and Collaborative Approach to Security
So, how can businesses best address these security liabilities? The old social contract between employees and employers stipulated those punitive restrictions on the use of personal devices and networks would eliminate the vulnerabilities in enterprise systems. It was up to employees to implement company policy. But that’s no longer enough.
We need a more collaborative and proactive approach. In other words, businesses need to reevaluate the social contract with their employers. Digital security is a two-way street, and ensuring a secure workplace environment requires a joint effort on the part of employers and employees.
For employers, protecting the data and identity of their employees online is not just a means to improve enterprise security; it should be treated as an employee benefit that will help us all in the age of digital transformation. In the same vein that companies guarantee other benefits for employees, we need to also treat data and identity protection as a similar benefit worth investing in. This means investing in rigorous privacy and identity protection software for their employees who don’t have the same protection they would have using corporate networks.
As the digital transformation of our workplaces continues, businesses need to be proactive in protecting themselves and their employees from cyberthreats and malicious actors. It falls on all of us as digital natives to reevaluate the social contract and the risk that increased digital nativity poses to enterprise security.
Tom Kelly is president and CEO of IDX, a Portland, Oregon-based provider of identity protection and privacy services, such as IDX Privacy. He is a Silicon Valley serial entrepreneur and an expert in cybersecurity technologies.