Remote workers continue to pose a major threat to data security, more than a year after the office exodus that caught many companies off guard. Over half (58%) of the UK IT leaders who responded to Apricorn’s latest survey predict that their organization will be exposed to the risk of a data breach by employees working away from the office. This figure has risen steadily year on year since 2018. Alarmingly, over a third (35%) admit their remote workers have already knowingly put corporate data at risk in the last year.
With employees now largely settled into home-based work, why are so many companies still wrestling with security?
A small but significant number appear to be deficient in some basic core areas of cyber-defence: one in 10 IT leaders say they have no control over where company data goes or where it’s stored, with a similar proportion stating that their technology simply doesn’t support secure remote or mobile working.
Trust in employees remains a sticking point, with over a quarter (26%) of organizations believing their remote workers just don’t care about security, although this has dropped from 34% last year. This suggests an improvement in levels of awareness and accountability around cybersecurity across the workforce, and a corresponding rise in confidence among IT leaders.
However, while employees seem to be increasingly recognizing their role in compliance and data protection, organizations are not equipping them with what they need to carry out that role.
A Step Backwards?
Two thirds of IT leaders admit that their remote workers are willing to comply with security measures, but don’t have the necessary skills or technology to keep data safe – and this has grown from just over half in 2019.
When it comes to the challenges associated with implementing a cybersecurity plan for remote working, many more organizations are struggling with the complexity and management of technology than last year – with 35% citing this as one of their top three problems. This is almost double last year’s figure (19%).
GDPR compliance is also a much greater concern than it was in 2020, with 32% of organizations highlighting that remote working makes it harder to comply, compared with 16% last year.
Now is really not the time for companies to lose momentum.
Consumer Scams Become Corporate Threats
As the line between our professional and personal lives has become indistinct, attackers’ techniques have evolved to target distracted employees with social engineering frauds normally experienced in a consumer context.
Phishing was ranked by over a third of respondents to Apricorn’s survey as having been one of the main causes of a breach within their organization, almost double last year’s figure. Ransomware – another growing trend – was ranked as the fourth biggest threat overall.
Fixing the Fixes
The speed at which businesses had to respond to 2020’s first lockdown meant they had to implement quick fixes and temporary solutions to keep the lights on. For many, giving workers access to data and systems took priority over ensuring the necessary tools and security were in place to secure that access. This will inevitably have left ‘holes’ in security defenses.
If these gaps haven’t yet been adequately addressed, they must now be tackled as a matter of urgency. This doesn’t need to be a daunting or complex task; securing the entire remote workforce can be achieved with a relatively straightforward approach.
First, ensure that each and every employee is aware of the risks they could expose the organization to, and their specific responsibilities in managing them. They should be required to follow a framework of clear security policies and procedures that cover all aspects of remote working – for instance the use of their own devices and equipment to carry out business, and how to spot social engineering attacks.
Then enforce these policies by applying endpoint controls and encrypting all data as standard. This will protect data and systems wherever employees are working, and on whatever device, so the organization can have complete confidence in the integrity of its information.
We may have barely had time to catch our breath since the last major shift in the working environment, but we’re now experiencing another one. Employees have begun to migrate back to the office, and companies are re-evaluating the balance between home and on-site working. Cyber-attackers will definitely not be on the back foot as we adjust to new ‘hybrid’ working models, so companies need to remedy any remaining weaknesses now to avoid getting into trouble.