58% of orgs predict remote workers will expose them to data breach risk
35% of UK IT decision makers admitted that their remote workers have already knowingly put corporate data at risk of a breach in the last year according to an annual survey conducted by Apricorn.
This is concerning given that over one in ten surveyed IT decision makers also noted that they either have no control over where company data goes or where it is stored (15%) and their technology does not support secure mobile/remote working (12%).
Additionally, 58 percent still believe that remote workers will expose their organization to the risk of a data breach. This figure has risen steadily year on year from 44 percent in 2018, yet despite the pandemic, the number of organizations expecting their remote workers to put them at risk of a data breach in 2021 has remained level. This suggests that organizations could have increased their security processes for remote workers, or are simply putting more trust in their employees.
Furthermore, 26% of organizations noted that their remote workers don’t care about security. Whilst this figure has dropped from 34 per cent last year, phishing (37%), employee negligence (27%), remote workers (15%) and third parties (13%) are still big avenues for attack and actionable cause of a breach.
The lines between professional and personal now indistinct
The lines between business and home, professional and personal, are now indistinct, which could explain why phishing was also ranked by over a third of organizations as being one of the main causes for a breach, almost doubling since 2020 (20%).
Additionally, this year’s survey included ransomware as an option for possible cause for breach and ranked as the fourth biggest threat, with 17 per cent citing this as a concern, highlighting the growing trend, and fear of ransomware attacks.
Jon Fielding, Managing Director EMEA, Apricorn, said, “This past year has been like no other. Though most organizations already had some remote working in place, the speed with which businesses had to respond to the pandemic, meant security took a back seat with quick fixes and speed of roll-out taking precedence. Unfortunately, this has increased risk along with a drop in security being front of mind as employees settled in to home based work.”
Lack of skills or technology to keep data safe
Despite 100 per cent of surveyed organizations having remote workers, over 65 per cent admitted that their mobile/remote workers are willing to comply with security measures, but don’t have the necessary skills or technology to keep data safe.
This has increased year on year from 54 per cent in 2019 and 63 percent in 2020, again highlighting that, with organizations forced into supporting remote working, many may have been driven into making quick fixes, with temporary tools, processes and policies underpinning them.
“Businesses have been caught off guard and were ill prepared to secure a full remote workforce. For many companies it was a case of flipping a switch to allow access, rather than ensuring they have the necessary tools and security in place to secure that access. Whilst employees are now beginning to recognise their role in compliance and security, organizations are not equipping them with the technology to remain safe and compliant” added Fielding.
Unsurprisingly, when it comes to the challenges associated with implementing a cybersecurity plan for remote/mobile working, 35 per cent of organizations cited the complexity and management of all the technology employees need and use for mobile/remote working as one of their top three problems. This is almost double last years’ figure (19%) and ranked second after ensuring data is adequately secured (39%).
The compliance issue
GDPR compliance was the third biggest concern with 32 percent of organizations highlighting that mobile/remote working makes it harder to comply with GDPR, compared with just 16 percent in 2020, suggesting that compliance is sitting much higher on the agenda now more employees are working remotely.
That said, when asked if their organization have an information security strategy/policy that covers employees’ use of their own IT equipment for mobile/remote working, 88 percent confirmed they have a strategy in place. Of those, 30 per cent only allow corporate IT provisioned devices, of which 22 percent have security measures in place to enforce this with endpoint control.
“Secure endpoint controls will protect data and systems wherever employees are working, and on whatever device, so organizations have complete confidence in the integrity of its information. Implementing the necessary technologies, digital tools, and procedures for mitigating the threats associated with remote working, need not be complex. Endpoint security and education are critical to the process, and are as simple a solution to security as washing your hands is to the pandemic.
“It may seem like a daunting task, but if organizations can address these alongside security best practice, whilst remedying any quick fix solutions, the future and security of remote working should be straightforward”, concluded Fielding.