26% of remote workers have experienced a cyber attack personally, while 45% of employers have asked their employees to use their personal devices for work since the start of the pandemic, according to a Microsoft research.
The study surveyed 500 employees and 200 business decision makers in September 2020 about remote working, digital security behaviours, and the worries they now face.
The accelerated transition to homeworking is placing pressure on organizations to support the unavoidable blending of personal and professional lives more than ever before.
However, this naturally creates new risks, including the increased risk of cyber attacks. This was reflected in the research which showed that only 17% of remote workers currently believe that the software and technology provided has done enough to protect their data.
This could be in some way due to the pace at which employers had to transition to remote working environments, with 36% of employers admitting they have spent the past few months putting in place the security, privacy, and workplace procedures required for today’s remote working world.
Remote workers’ information protection concerns
76% of workers were surprised with how well they had adapted to remote working. However, one in five employees feel their data is more vulnerable when working from home due to the absence of regular IT supports.
The research points to some potentially dangerous cybersecurity issues amongst remote workers:
- Personal emails: 30% of workers still use personal email accounts to share confidential work materials.
- Poor password hygiene: One third of workers use the same password to log into work and personal devices.
- Unregulated access: 43% face/navigate no security restrictions when accessing work-related documents and materials remotely.
Employers’ security management concerns
One of the most concerning findings is that organizations are potentially side-stepping their own security procedures in the name of expediency:
- Reactive approach: One third of employers acknowledge they are exposed since they had to make remote-working decisions and transitions so quickly.
- Lack of devices: 45% of employers have had to ask their employees to use their personal devices for work purposes since the start of the pandemic.
- No remote BYOD policies: 42% of employers are yet to secure those remote employee’s personal devices.
Furthermore, 41% of employers acknowledge it has become increasingly difficult to remain GDPR compliant because of the pandemic.
The report identified an escalation in both the level and sophistication of attacks. For example:
- Over 13bn malicious and suspicious mails were blocked, out of which more than 1bn were URLs set up for the explicit purpose of phishing credential attacks in 2019.
- Ransomware is the most common reason behind Microsoft’s incident response engagements from October 2019 through July 2020.
- The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware, and VPN exploits.
- IoT threats are constantly expanding and evolving. The first half of 2020 saw an approximate 35% increase in total attack volume compared to the second half of 2019.
Des Ryan, Solutions Director for Microsoft Ireland, said: “Cyber hackers are opportunistic, skilled, and relentless. They have become adept at evolving their techniques to increase success rates, whether by experimenting with different phishing lures, adjusting the types of attacks they execute or finding new ways to hide their work.
“While our physical work locations may have changed, our responsibilities in protecting organizational data and complying to data regulations have not. Now is the time to address this with an increased investment in cybersecurity, secure devices, tighter policies, increased support, and education for employees so they can play an important role in not only protecting themselves but also their organizations.”
Cloud-based services and hybrid working
When asked about the future, 58% believe they will have a hybrid workforce in future as more staff work from home more of the time and others are in the office.
57% felt more positive about using cloud-based services, including productivity tools.
Remote priorities: Training, support and investment
However, the research shows that Irish organizations understand there is a gap with 41% admitting they are behind the curve when it comes to having the right digital services and technologies in place to deal with new working realities.
As a result of the move to remote working, employers are focused on investment in digital security. The research found:
- 38% of organizations have already increased the level and detail of cybersecurity training for staff who are working from home.
- A further 52% will prioritise investing in training in 2021.
- 44% of workers would also welcome alternatives to passwords, with biometric verification (fingerprint or facial recognition) being the most popular options.
Source: Help Net Security