A recent study conducted by CybSafe has revealed the poor cybersecurity practices observed amongst remote workers in recent months, and the potential impacts these habits could have on businesses as a whole without the implementation of appropriate security measures.
Remote working as a practice has been steadily increasing in popularity for the last decade, but the lockdown measures put in place this year to combat the risk of COVID have seen this trend skyrocket, with the majority of businesses granting remote access to at least a small portion of their previously office-based employees. Although this change has of course safeguarded many individuals against the physical threat of this virus, it has left many experts concerned about the digital security of the organisations they work for - more specifically, the security of their confidential data, accounts and finances.
The study led by CybSafe involved a total of 600 professional users across the UK, with their responses highlighting some worrying insights across three key areas. In this article we will be discussing these findings, with detailed explanations as to why these behaviours could be leaving businesses vulnerable to cyber attacks and data loss.
- 23% use unauthorised devices for their work-related tasks
- 1 in 10 share work devices across their household
As these unauthorised personal devices have not been secured by the company's IT team to their required standard, individuals making use of these devices for work-related tasks are not only putting themselves and their property at risk, but also creating significant risk for their business as a whole.
These devices are likely to be lacking encryption, the latest software updates, and restrictions against certain malicious websites, leaving them vulnerable to data leaks and even hacking. This lack of website restrictions is especially important when considering the number of respondents also sharing their devices amongst their household, as a company can only train and monitor the security awareness practices of their own employees - individuals who have not received this same training could potentially visit one of these malicious websites or fall for an email attack, putting any company data stored on the device in harm's way.
Training & Policy Management
- 65% have not received any remote working security training in the last 6 months
- Only 37% were provided with a working from home cyber security policy
Security awareness training should be treated as an essential part of a company's overall security strategy all year round, with continuous, topical training content - but it becomes even more important when a company is experiencing a significant change in daily operations, such as shifting to remote working.
Not only should employees have been supplied with newly updated training materials specific to their new working environments and the changes this could bring, but there has also been a significant rise in phishing campaigns leveraging COVID-specific messaging that would require newly focused training.
- 1 in 5 don't keep their collaborative working & conference software (e.g. Zoom) up to date
- 23% don't ensure their other apps on their home WiFi network are up to date either
Having outdated systems and software can leave devices, and the organisations that they are connected to, extremely vulnerable to infiltration attacks, as you are no longer benefiting from the latest protections and patches put in place by that service provider, which could be the only thing stopping a cyber criminal gaining access.
As an example of how far this oversight can snowball into disaster: the famous WannaCry outbreak, which impacted hundreds of thousands of users across the globe in 2017, including the NHS, was primarily targeted at users who had not yet updated their systems to Windows 7.