November 2020
Cyber-risks of working from home
It’s quite a popular opinion in the cybersecurity community that the end user is the weakest part of the whole corporate protection system. That is why phishing attacks have become the #1 threat. During this pandemic crisis, it is obvious that companies are more exposed to the potentially insecure behavior of their remote workers.
One reason is that not every one of this enormous number of remote workers has a corporate laptop or PC to work with, and personal equipment has a far less advanced level of protection. What’s more, stretched IT management teams and budgets mean that those who do have a security-related problem may not get the support they normally would.
Not all employees are the same
A recent large study by Trend Micro, based on the responses of more than 13,000 remote workers from 27 countries, helps to show which aspects of employee behavior are cause for concern. And if business and IT leaders know where the risks are, it is much easier to address them and prevent most of the problems.
In doing so, they shouldn’t forget that no two employees are the same. An independent cyberpsychology expert, Dr. Linda K. Kaye, looked at the results of the study and found that there are actually four distinct personas in every organization. This information will help to provide more effective training in addition to all the technological protection, which is essential.
And the results of the research are quite encouraging - 72% of employees said that they’ve become more security conscious during the lockdown, with only 4% claiming to be less so.
That means that most of the workers know that using non-work applications for company business brings very high security risks and that it is strongly recommended to use approved corporate platforms to work with files. It is also about taking the recommendations of IT teams seriously and understanding their role in keeping the organization secure.
There are still a lot of things to consider
All good things come to an end, and it is time to discuss the many examples of poor security practices during remote work.
Wi-Fi and remote working issues: nearly 40% of respondents stated they often use public networks without a corporate VPN and, while doing so, might expose internal company data, credit card data, passwords, and so on.
Exposing work laptops to online threats: only 20% of respondents said that they never use their corporate PCs for personal needs. Over 30% do so every day, and a further 45% tend to do so only on business trips. Such use exposes corporate data to viruses found on torrent sites, app stores, adult content sites, and so on.
Personal devices used to access work data: cyber risks work the other way too. Accessing corporate data from personal devices dramatically increases the possibility of leaks. Two-fifths (39%) of respondents said they often or always do so.
Shadow IT and non-work apps: perhaps even more concerning is the fact that two-fifths (38%) of remote workers have uploaded corporate data to a non-work app. Although these may be legitimate applications, the fact that they are not sanctioned by IT compounds the challenges of visibility and control associated with shadow IT.
Recommendations
Fortunately, there are organizations, like ours, that can lessen the risks of user behavior during remote working through a range of measures such as strict security policies, awareness training, and risk assessment based on the sensitivity or criticality of the data.
Remote working is set to become the norm long after the current pandemic has receded. Now that the initial rush to support the distributed workforce has subsided, it makes sense to start planning in earnest to mitigate the risks highlighted in this study.