35% of Organisations Predict Remote Employees Will Expose Them to Data Breach Risk
Since the pandemic reared its virus-shaped head in early 2020, each and every industry has been affected in some way. Not only has it altered the way in which we work, but it has paved the way for malicious actors to target the new wave of home workers. As a result, remote work has become a new gateway for such criminals to complete alternative data theft methods.
With “everything-online” and without security options in place that are provided within office environments, employees are more susceptible to cyber-attacks than ever before.
An annual survey conducted by Apricorn revealed that 35% of UK IT CEOs admitted that their remote employees have already deliberately put organisation data at risk of a breach in the last year.
What’s more, 75% of organisations surveyed say that 50-100% of employees are working remotely, while 86% say the trend will continue long after the pandemic.
Ultimately, it looks like home working is not set to be a short-term trend, and as a result, remote employees will continue to be a cash cow for cybercriminals. With the onset of the pandemic and a huge increase in remote work policies, these cybercriminals said their chance and grabbed it with both hands, resulting in a 630% surge in cloud-based attacks in 2020.
What’s more concerning is that more than 26% of businesses noted that their remote employees don’t care about cybersecurity. While this figure dropped from 34% last year, employee negligence, phishing, remote employees, and third parties are still big targets for attacks and actional cause of the breach.
Imbalance Between Personal Life and Work – Still a Cybersecurity Issue
The lines between the personal and the workers are blurring more and more. Workers often spend more time in their office than they do at home.
Meanwhile, nearly a quarter of employees work from home. We assume that in the modern world, the perfect balance between work and personal is generally unreachable. In both professional and personal life, people rely more on emails, socials, shared folders, and digital documents, which could explain why phishing attacks were also ranked over a third of orgs as one of the main causes for a breach, almost doubling since last year.
According to How-To-Claim.co.uk, this year’s survey included ransomware as an option for a possible cause for data breach and ranked as the 4th biggest threat, with 17% citing this as a concern, emphasising the growing trend and fear of phishing attacks. 2020 has been like no other.
Though most corporate already have some remote working well-planned, the speed with which organisations had to respond to the “new normalcy” meant security was overlooked with a few short fixes and speed of launch being a priority. That means higher risks along with a drip in cybersecurity being front of mind as employees settled into remote work.
Lack of Technology or Skills to Keep Data Safe
At the risk of appearing like Chicken Little, organisations have awakened. The security industry continued to address major problems with a mixture of technology reliance and lip service, but they aren’t making much progress.
Truth be said, we’re facing a global cybersecurity shortage. Research shows that this situation not only isn’t getting better but, in fact, be getting worse. For instance, 70% of cybersecurity experts claim that the cybersecurity skill shortage jams their organization.
One of the reasons is the increased workload on the existing cybersecurity employees, long-standing open jobs, an increase in hiring and training new personnel, and an inability to learn and implement security technologies to their full potential.
A shortage in skills is one of the most acute among application security experts, security analysts, and cloud security specialists. With companies developing more software, moving towards workloads to the public cloud, and facing more advanced threats, these shortages are alarming, to say the least.
An Issue of Compliance
The new data protection law places the consumer in the driver’s seat, and the task of complying with this regulation falls upon organisations.
GDPR applies to all organisations and businesses located in the EU, regardless of whether the data processing takes place in the continent or not. Regardless of the industry, all data-collecting services should appoint a data controller or data protection office who is in charge of the GDPR compliance.
There are harsh penalties for the organisations who don’t comply with the new rules to receive up to 4% of annual global revenue or 20 million Euros, whichever is greater.
However, GDPR compliance is another problem, with 32% of companies stating that remote work makes it difficult to comply with the new regulation, compared with just 16% last year, suggesting that compliance matter more now that more people are working remotely.
What’s more, when asked if their companies have an information security policy/strategy that covers workers’ use of their own IT equipment for their remote working, 88% confirmed they have a policy in place. More than 30% of the companies surveyed provided IT devices, of which 22% have security strategies in place to enforce this with endpoint control.
The endpoint control is an extra layer of security that protects data and systems wherever personnel is working and whatever device, so companies have complete confidence in integrating its data.
But employing such policies, digital tools, and procedures to reduce the threats associated with work from home should not be that difficult. Education and endpoint security is imperative to the process and is as simple as a solution to security as wearing a mask during the pandemic.
Any group trusted with customer data must take into account security threats because it’s not just security that’s on the line: data breaches aren’t just extremely pricey, but they can also tarnish a business’s reputation. With the right IT tools and the right information and training readily available for the end-user, remote work can be just as secure as working from a corporate environment.