After more than a year of working from home, research shows not much has changed when it comes to addressing the remote work cybersecurity challenge. According to the COVID-19 Cybersecurity in the Remote Workforce study, which surveyed more than 5,800 consumers in February 2021, data shows that employees working from home are still placing corporate data at risk, and companies are not taking many new steps to change that.
Even while there has been a 350% increase in ransomware attacks in the last year, security gaps for remote workers continue to be considerable, and support from IT for remote workers hasn’t improved. Consider these key findings:
- Workers are Using Personal Devices. Data found that only 39% of employees were issued company devices to work from home when the pandemic hit in 2020. This remains steady in 2021 with 38.5% of employees reporting that their employer issued a device to use for work purposes. The risk? As many as 61.5% are using their own devices to work from home, accessing corporate data and entering the corporate network with unmanaged systems. This is risky because IT is not typically managing the security protections installed on these personal devices. This greatly increases the attack surface where cybercriminals can break into corporate networks.
- Antivirus Software Isn’t Being Required. One way to help prevent security vulnerability is to rely on the protection of an antivirus software product. The vast majority (91%) of employees working from home reported that their employer didn’t provide an antivirus solution to install on their personal device being used for work purposes. While certainly some employees may already have antivirus protection, companies that have not instituted it for their remote workers can’t be assured that protection is in place. Without a clear antivirus protection policy, corporate networks are certain to be facing exposure and risk.
- Use of VPNs is Uncertain. Another top best practice to secure remote worker devices is the use of a Virtual Private Network (VPN). VPNs will disguise your IP address when you access applications and data through the internet. This makes the connection more secure against external attacks. While the use of VPNs has gone up marginally from 2020 (40%) to 2021 (43%), the number of users not sure if they are using a VPN has grown 5%, from 14% in 2020 to 19% in 2021. This shows that security education about the value of VPN use is lacking. To protect corporate data, the use of VPNs should be mandated for remote working employees. Further, more active education on the value of VPN use is needed.
- Support from IT Remains the Same. Even with increasing ransomware risk and the persistence of working from home, IT support services for employees working from home has remained the same. More than half (51%) of employees said they were essentially on their own when transitioning to remote workstations. And nearly half (49%) said that their employer didn’t provide IT support services throughout the duration of their work-from-home experience. This is a significant missed opportunity to ensure corporate data remains protected and that cybersecurity defenses are employed.
Research shows that as many as 80% of full-time employees expect to continue working remotely, even once the pandemic restrictions are lifted. This means the time to protect remote workers from cybersecurity threats is now. By taking clear and decisive steps to properly protect personal devices accessing corporate networks with antivirus software and VPN access, companies can better safeguard their valuable data. These security technologies should be supported with greater employee education and increased IT support services to ensure they are used properly and consistently.
The nature of work has changed for good. By focusing on the best security mechanisms to adapt to this workplace shift we can all have an impact on reducing the threat of cybersecurity threats.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.