The Behaviour of Your Remote Workers is Adding Extra Cybersecurity Risk to Your Business
I was shocked but not surprised by the admissions of the COVID-19 generation of remote workers around the role they are playing in increasing the cybersecurity risks facing their companies.
Here at AT&T we’ve conducted new research which shows 54% of them are regularly using their work device for personal purposes, including sharing work equipment with family members.
The study involved questioning 3,000 workers in the UK and Germany who are now operating remotely because of new policies brought in to combat the global Coronavirus pandemic. More than a third of those questioned admitted to using work equipment to connect to smart home devices (35%) such as voice assistants (14%) smart speakers (14%), fitness monitors (13%), smart lighting (12%) and smart kitchen appliances (12%).
The data clearly shows workers understand the problem. Two thirds (66%) said they are more aware of cyber security threats since shifting to home working. Nearly half believe they personally (49% in the UK; 38% in Germany) and their companies (52% in the UK; 42% in Germany) are at increased risk of cyber attacks. 55% have been the target of a cybersecurity threat while working remotely over the past year, and nearly a third of those surveyed (29%) said their company isn’t doing enough to protect them from cybersecurity threats.
Yet when it comes to taking responsibility, two in three remote workers (66%) say that practicing good cybersecurity at work is challenging; citing a lack of adequate training or technical support (22%), lack of prioritisation by senior management (18%) and it taking too much time/being too much hassle (16%).
One in five employees (20%) say there is no way they could be encouraged to care about cybersecurity risk.
The results of the 2021 research correspond with an earlier survey we carried out in July 2020. Questioning 800 EMEA cybersecurity experts, we found that 70% of large businesses with more than 5,000 employees believed widespread remote working was making their companies more vulnerable to cyber attacks. That survey identified employees (31%) as the biggest risk to implementing good cybersecurity practices. At that time, experts believed that one in three (35%) employees were using devices for both work and personal uses but the new research suggests that number is much higher.
While many businesses did introduce new cybersecurity measures to mitigate risks since the onset of COVID-19, employees indicated that many employers have not taken basic steps to improve cybersecurity. One in three (32%) say their company hasn’t implemented additional login protocols to protect from web-based threats and 50% have not required any additional cybersecurity training since shifting to remote working.
The lines between our professional and personal lives are blurring and that includes our online behaviours. It’s clear that businesses can only protect their networks by mitigating for those behaviours. Cybercriminals are launching cyber attacks at the most vulnerable point – the remote worker. Businesses who initially compromised on cybersecurity to speed up the transition to homeworking are taking a tremendous risk. They must address cyber risks now to provide for business continuity and help protect their workforce and business for the future.
Just as companies have introduced measures to support the physical and mental well-being of their employees, they should educate and support their employees to help them better understand cyber safety while working outside the office. This should include mandatory steps like providing that employees can access highly secure internet connectivity and web based applications, and providing enhanced cybersecurity training to help employees decrease the risk from attack surfaces to help protect the individual and the company now and as we move into a new hybrid working environment.
With today’s hyper distributed workforce, there is a need for Zero Trust. Zero Trust assumes that traditional access credentials are no longer sufficient to accurately establish trusted identities for user, device and application access. Rather, organisations should undertake continuous, risk-informed assessments and deploy granular security controls to manage, monitor, and enforce access.
I’m looking forward to reading your thoughts and comments on the findings.
Director - Global Sales Enablement
4 年This data reflects that corporate security is like putting a steel locked door in front of the tent made of Cloth. Zero trust adoption is a possible mitigation….
Live & Virtual Event Moderator in English and Espa?ol?? Host ?? TV Journalist ?? TEDx Speaker ?? Media Trainer ?? People Lover
4 年I just participated in a Clubhouse event around this same topic! Next time I'll hit you up!
Thank you John for sharing the results of long term home working. I would be interested to know whether the results captured the use case "allowing the use for homeschooling". It would be good to know after the recent news of cyber attack in the education sector. https://www.bbc.co.uk/news/education-54182398
Director Technology & Innovation | Data Driven | Cyber Security | AI | Telecom | Cloud | Coaching leadership
4 年I’ve seen many compagnies put their remote access solution in place at record times a year ago. Most extended their existing solution to scale from 10%-20% remote to 99%. It becomes clear that an evaluation if that solution is still fit for purpose is probably a good idea as modern remote access solutions are more then just access and integrate with the SASE security framework.
On a mission to lead a team to promote digital transformation for global companies through secure and reliable communication infrastructure
4 年Thanks John for sharing this post - amazing to read that "55% have been the target of a cybersecurity threat while working remotely over the past year". #attbusiness #attcybersecurity #takeyoursecurityseriously #zerotrustsecurity #attemployee Chers network, venez nous rencontrer pour parler cybersecurité #solutionsforyou !