Are In-Office or Remote Workers a Bigger Cybersecurity Risk?

07.17.23 08:09 AM

One of the main concerns companies have regarding remote work is that it allows employees to connect to business assets and resources in an environment the organization doesn’t control. As a result, there’s an assumption that telecommuting is inherently less secure when compared to working from a company-controlled site, like a formal office.

But are remote workers genuinely a bigger cybersecurity risk, or are their in-office counterparts a greater danger? For many, the answer is surprising.

Are In-Office or Remote Workers a Bigger Cybersecurity Risk?

Most companies operate on the assumption that remote workers pose a greater risk to cybersecurity than employees working from an office. However, new research suggests that remote work isn’t the riskier arrangement when compared to handling responsibilities in the office, essentially stating that the belief that remote employees are complacent is functionally incorrect.

Instead, remote employees are typically more aware of the risks, causing them to act more cautiously than their in-office counterparts. The study revealed that remote workers are generally more vigilant about threats and are more prone to taking precautions. Partially, that’s because they have a sense of responsibility regarding their cybersecurity.

Additionally, companies tend to heavily emphasize cybersecurity when creating remote work arrangements. There’s a tendency to dig deeper into the topic and ensure remote employees understand the risks and their responsibilities.

In contrast, employees in an office generally think that their company is managing the cybersecurity risks for them. That creates a sense of inherent safety, as they believe the employer has the necessary bases covered. As a result, they don’t view the onus as being on them or that they’re at risk, a mentality that ultimately leads to complacency.

In some cases, companies are also less forward about cybersecurity expectations with in-office employees. While basic annual training is a potential requirement, there’s less focus on it when compared to preparing remote workers for telecommuting. That decreases awareness and may even lead some in-office professionals to deprioritize cybersecurity unintentionally, as it simply isn’t at the top of their minds.

How Vigilance and Complacency Impact Cybersecurity

Complacency is particularly dangerous when it comes to cybersecurity. If an employee doesn’t believe they need to be threat-aware, they may behave in a less secure manner. For example, they may fail to follow specific policies or best practices designed to keep environments safe, increasing the odds of harmful missteps or intentional actions that heighten risk.

For in-office employees, there’s often an assumption that safeguards put in place by the company make their own vigilance less necessary. For example, they may assume that email spam filters will block or redirect emails of a malicious nature, leading them to think that anything that enters their inbox is risk-free. In turn, they may overlook suspicious content because they believe it wouldn’t end up in their inbox if there was any danger. As a result, they’re potentially more likely to fall for a scam or engage with malicious attachments or links.

Even if remote employees access company assets through company-support devices and systems, the fact that their off-site alters their perception. There’s a sense of ownership and responsibility associated with home environments, and that mindset can change how they view their home-based work, often leading to increased vigilance. In turn, they’re inherently more suspicious of anything that’s out of the ordinary, and precaution-taking becomes a norm.

Ultimately, companies need to address and prevent complacency to reach cybersecurity goals. Ongoing training designed to boost awareness across the board is a critical part of that equation, as well as continuing discussions and communications that prioritize following policies and best practices. By making sure all employees understand that risks exist regardless of where they work, organizations can ensure greater vigilance, decreasing the odds of incidents moving forward.

Nathan Weatherford