Over half of employees working from home during COVID-19 watch inappropriate content on the same devices they use for work, according to Kaspersky’s How COVID-19 Changed the Way People Work report. This is making businesses’ IT systems more vulnerable to cyber-threats, such as malware.
Nearly a fifth of employees are doing this on devices provided to them by their employer, exacerbating the security risk further.
The report also found that remote workers are regularly using their personal services, such as emails, for work purposes, providing additional shadow IT security risks for their employer. Of the remote workers surveyed, 42% admitted they use personal email accounts for work-related matters, while 49% said this type of activity has increased since the COVID-19 lockdown. In addition, 38% communicate with colleagues via personal messengers that haven’t been approved by their IT departments, with 60% saying they do this more often since they have been regularly working from home.
More than half (55%) of workers stated they are reading more news since the crisis began, and 60% of this activity is taking place on the same devices they use for work. This could add to the risk of malware infections if close attention is not paid to the websites being used for this purpose.
In the current environment, it is vital for firms to limit access to their systems and data as much as possible amongst their staff.
Andrey Evdokimov, chief information security officer at Kaspersky, said: “Organizations cannot just fulfil all user requests, such as allowing staff to use any services as they want to. It is necessary to find a balance between user convenience, business necessity and security. To achieve this, a company should provide access to services based on the principle of only supplying minimal, necessary privileges, implement a VPN and use secure and approved corporate systems. These types of software may have certain restrictions that slightly reduce usability, but offer greater assurances in providing security measures.”
Kaspersky also advised that businesses schedule basic awareness training for their employees in areas such as account and password management, email security and endpoint security.