Their Secret Side-Sig is Now Your Cybersecurity Nightmare

Subscribe to Our Blog

As I write this blog, there are two wide-spread stories in the national news. First, in the past few weeks, American business has been hit with cybersecurity failures. The other topic is returning to the office as Work from Home (WFH) may be winding down in the DC, Maryland, and Virginia (DMV) region. What if the two stories collide? What if a return to the office sparks a cybersecurity risk?

Back to the office and cybersecurity risks

The past year has brought cybersecurity risks to the forefront. The landscape quickly changed.  It is on the edge of another shift, from the office to WFH, and possibly back to the office later this year. The change impacts not only the economy but also the security of your business data.

First, technology teams and CIOs dealt with a swift migration to the home office. Laptops were purchased for WFH, VPNs set, and protocols established. Now, as many prepare to head back to the office, we hope that our employees do not bring their bad technology habits back to the office.

At this point, you may think that this blog is about mixing the use of laptops, tablets, and smartphones between personal and business. Or you may think about personal emails or even online shopping from the office. You would be correct, but there is a new risk that may be going unrealized.

The side-gig

While millions worked from home, some found the time to start a side-gig. The time that once was for commuting is now prime to establish a side-gig. Plus, the lunch hour… a few minutes here and there… and over there too.

Side-gigs began to flourish. You may be surprised to know that the flourishing side-gig environment is one reason that many are fighting the return to the office.

To find some examples of successful side-gigs, I asked a wide range of corporate staff in the DMV region. I asked team leaders, networkers, and those working in the corporate culture for years. At first, I assumed that those working a side-gig were probably consulting in their field. I was wrong. Here is a sample of creative ways that were crafted during the COVID pandemic to create additional sources of income.

“I used the government stimulus checks to build a landscaping business for my teenage kids. I manage the social media, book appointments, answer phone calls and manage their income through subscription software services. I am concerned about managing their booming business once I have to return to the office.”

“I started a blog and Facebook group about fishing in Virginia. It now has a national following. I have a thriving business selling custom T-shirts, stickers, and thermal coffee cups online. I keep in touch weekly with a designer on an international design service, post weekly blogs, and update social accounts daily. I am getting ready to launch a new website that will include eCommerce. I will admit that I have a separate laptop on my home desk, and I work on this side-gig each day. I guess it is doubtful that I can have a personal laptop on my desk when I return to the office. What will I do?”

“I launched a nature photography business. You can find my photos on national subscription sites. I also have found great success on an international crafting website. I fill orders for framed photos with shipping services, I curate and edit my photos with an online service. I email buyers from my personal email account."

As you read the three samples of successful side gigs, you probably noted that all three entrepreneurs use online services, including subscription software. In addition, all three interact with customers and contractors daily.

And there it is. The crack may pose a cybersecurity problem as employees return to the office.  If the risk of side-gigs in your office has yet to be discussed, it is time to start the conversation with your team.

More than an HR issue

As you are reading this blog, you may be thinking, "That's only an HR issue, and a memo stating that employees may not work on personal business at work will suffice."

In the past year, the lure of a side-gig proved strong.  The side-gig provide a distraction from pandemic stressors; it may have provided a source of bonus income to your employee and their circle of friends and family. Combine the meditative lure and the anticipation of revenue, and you quickly have a scenario of side-gig addiction.

You may think that I am being overdramatic as I highlight that a side-gig may become addicting. Well, think about social media.  The Netflix documentary The Social Dilemma parallels scrolling through social media to sitting in front of a slot machine. We keep scrolling, hoping for a win. Side-gig entrepreneurs keep scrolling their business, looking for the win.

And here are some stats from a May 2021 survey conducted by Side Hustle Nation. Your employees like the freedom and the income from their side-gigs. Both add to the addiction.

Remember the parent that helped his kids build a yard mowing business during the pandemic?  Now, they are grossing almost $2K a week and considering adding snow removal next Winter.  Every customer booking counts to this family.

This blog is not about dampening the entrepreneurial spirit. It is about cybersecurity and setting protocols. For that, you need to assemble a team.

Back to the beginning

As the COVID-19 pandemic unfolded in 2020, I published a blog about the shift to WFH. At the time, a suggestion was to form a Business Task Force within your organization to map the protocols for Work From Home. As the task force comprises leaders from each division of your organization, it is imperative to also include a representative from your human resources department and your IT team.

As the economy rebounds from the pandemic and business returns to the workplace (or a hybrid structure), it is time to reconvene your Business Task Force. Your task force is the cornerstone for a safe and efficient return to the office environment.

If cybersecurity is not already on your task force's plan, it should be added today.

We talk with a MainSpring vCIOs

Since many organizations in the DMV region are now implementing plans to bring employees back into the office, I asked our vCIO team for advice, tips, and protocols. Here is their response.

Set expectations:

“Make sure employees have updated non-disclosure agreements and acceptable use policies on file. This may prevent any surprises later with sites they may access on company time…Make sure your policies reflect expectations and access of company-issued equipment during the work.”—Tiffany Bennett, MainSpring vCIO

Prepare before they arrive at the office:

“Review staff in Active Directory who have not logged into OpenVPN since the pandemic started. Workstations not checking in within the last 60 days will not be recognized by the network upon entering the office. In this case require staff to use the OpenVPN prior to entering the office so they can be productive upon returning.”—Kurt Schneider, MainSpring vCIO

Create a human firewall:

“Since a memo from HR will not suffice, consider education and training. The MainSpring Automated Security Awareness Program (it’s called ASAP for a reason…) provides the employee training to build a human firewall.” --MainSpring ASAP Team

Include your technology team, or a consultant, within your discussions and planning for the post-pandemic return to the office. If you feel that your company would benefit from a technology refresh and IT management, read about MainSpring’s ProPlan.