48 per cent of office workers have admitted they are less likely to follow safe data practices when working from home, according to new research from Tessian, the Human Layer Security company. The State of Data Loss Prevention report reveals findings from a global survey of 2,000 office workers and 250 IT decision-makers in the UK and the US.
The research shows that 52 per cent of office workers feel they can get away with riskier behaviour when working from home, such as sharing confidential files via email and using personal devices to conduct company business.
The top reasons for not following safe data practices included not working on their usual devices (50 per cent), not being watched by IT (48 per cent), and being distracted (47 per cent).
Have you thought about how secure your remote working set up really is? According to a global survey from OneLogin, which surveyed remote workers from Germany, France, Ireland, the USA and UK, password best practices have not taken priority under the current spike in remote working, with 36% of global respondents admitting they have not changed their home WiFi password in more than a year, leaving corporate devices exposed to a potential security breach.
The findings on the lack of security concerns from workers should be worrying for every organisation. People can make-or-break a cyber defence just as much as clever technology. Workforces today are much more reliant on accessing systems remotely in far reaches of the world – all whilst at home. So the need for protection is critical to securely access systems and the sensitive data they contain, and at a time when attackers are exploiting remote working vulnerabilities organisations must ensure that employees do their part to keep the enterprise secure.
The familiar surroundings of working from home can have the adverse effect that users are more likely to visit potentially dubious sites and click on links that they may not have in an office environment. It is imperative that businesses share best practice advice, provide workers with consistent security awareness training focused on the home office, and ensure they can easily report threats and incidents in real time.
While the use of shadow IT is a consideration, it is also harder to monitor in remote working models. It opens up potential vulnerabilities for an organisation. Policing the use of shadow IT is only part of the solution, which is why organisations must make it clear what the approved tools, devices and applications are for employees. Then staff do not feel as if they are being hindered in their day-to-day work.
It is no doubt that organisations are struggling with visibility as employees work from home. My advice to all cybersecurity teams is to work across the business to identify all assets, such as devices, applications, people and data. By doing so, organisations can gain better visibility into the operating environments and put the people, processes, technologies – and most importantly the right training in place to help protect the organisation.
The Covid-19 crisis has triggered a tidal wave of challenges for businesses. Whilst they adapted fast to the abrupt shift towards remote working, the challenge businesses now face is keeping data secure from risky employee behaviour as working from home becomes the norm.
Our research shows that people will cut corners on security best practices when working remotely and find workarounds if security policies disrupt their productivity in these new working conditions. But, all it takes is one misdirected email, incorrectly stored data file, or weak password, before a business faces a severe data breach that results in the wrath of regulations and financial turmoil. During this time, protecting people has to be all businesses’ top priority. IT decision makers, therefore, must establish clear guidelines on security best practices, enabling all staff to work efficiently and safely when away from the office.