A Human-centric Approach to Operational Awareness and Risk Management.

How Work-from-Anywhere Affects Employee Behavior

For the past two years, most of the people reading this blog have worked from home. While we have all enjoyed the headaches of commuting (particularly true in the Boston, NYC, Los Angeles, Washington DC, and Chicago areas), work-from-anywhere (WFA) has been even more of a pain for IT and cyber security teams tasked with protecting data and employees who now work almost exclusively outside the protection of the corporate network.


Why? Because employees working from home are more likely to open suspicious emails on their personal accounts. Once an employee is compromised this way, their devices are easily infected, and the attack can migrate to corporate data and other devices.

Employees are also using more personal devices like printers, backup, and storage devices. This means there are probably more unprotected—and unauthorized—copies of sensitive information in our homes. While not necessarily a threat, all of this adds insider risk. SaaS-based applications, such as Office 365, G-Suite, and Slack, which can be accessed by BYOD devices, are still a gaping hole for most organizations. Then there are personal email accounts that now natively allow extremely large transfers of more than 1GB.

WFA can change employee behavior for the better. Avoiding a daily commute makes employees happier and allows for a better work-life balance. A 2021 study by the employment agency Robert Half found that 60% of HR directors saw an increase in work productivity after introducing flexible working hours.

Working remotely can also affect employee behavior for the worse. Our 2022 Insider Risk Report found that remote employees are affected by three behavioral influences:

  • Perceptions of Anonymity—When employees are physically isolated from their peers, social norms are more difficult to maintain, leading to increased incidents of both positive and negative norms. Groups are more easily polarized and there is less self-regulation among individuals.
  • Perceptions of Proximity—Psychological studies show that there is greater willingness to deceive at greater distances. In a WFA environment, this willingness is coupled with access to a plethora of personal assets in addition to corporate ones, increasing the ability to deceive.
  • Perceptions of Monitoring—Supervisor interactions currently provide 60%-80% of alerts of malicious activity in organizations (not limited to data theft). In the WFA environment, employees have little personal contact with their supervisors and may perceive themselves as unmonitored. When this occurs, the deterrence effect is lost. Higher levels of monitoring can lead to lost trust and lower organizational commitment.

These conditions mean that remote workers present different threats than on-premises workers. Stopping these threats requires new baselines and an understanding of the context of employee behaviors. Some “anomalous” activities may simply be new and forced on employees by the WFA environment. Others may be signs that an employee is unhappy and a flight risk (along with your sensitive information).

Our 2022 Insider Risk Report has lots more detail.