The coronavirus pandemic and lockdown forced organizations to shift many of their employees to a work-from-home scenario. But such a quick transition opened the door to several security risks, many of which are still around almost a year later. A report published Tuesday by security firm PC Matic looks at the security practices and pitfalls among a range of organizations.
SEE: Working from home: How to get remote right (free PDF) (TechRepublic)
The data for the report on “COVID-19 Cybersecurity in the Remote Workforce” was collected from a February 2021 survey of more than 5,800 employees in the U.S. on their current WFH situation. PC Matic conducted a similar survey in early 2020 to learn about the initial security habits of remote workforces. Asking the same questions, the firm wanted to see if there were any differences a year later.
Among those surveyed, 36% said they currently work at home as a result of COVID-19, down slightly from the 42% who were working from home a year ago. Asked whether they were issued company devices for working remote, 39% said yes, virtually the same percentage as in February 2020.
With 61% of those polled seemingly using their own personal devices for working at home, security risks can easily increase. Asked if their employer offered them an antivirus solution to install on their personal device for work purposes, only 9% said yes. That left 91% without any company-provided security software, almost the same number as a year ago.
A VPN can help secure remote connections to an organization’s network and should be available for all remote workers. Among the respondents, 43% said they do currently use a VPN, up slightly from 40% last year. The latest percentage still left 38% who don’t use a VPN and 19% who said they weren’t sure if they do use one.
Remote workers also need support from their organization’s help desk and IT staff, especially as they shift to a WFH environment. Among those surveyed, 49% said they received IT support services while transitioning to remote workstations, down only slightly from 51% a year prior. But such support also must be ongoing. Among the respondents, 51% said they’ve received IT support services throughout the duration of their WFH experience. But that still left almost half who said they’ve gotten no such continuous support.
“It’s unfortunate to see that the data has remained consistent over the course of the last year,” the report said. “In the best-case scenario, we would have seen security increase and many of these numbers go down. A healthy security plan would include the supply of company devices that do not allow personal use, a mixture of security software including a VPN that is mandatory when accessing company information and continued IT support for remote employees.”
To help your organization better protect against security risk due to your remote work setup, PC Matic suggests the following tips:
- Ensure that every device on your network uses a proactive antivirus software. The FBI, NIST, DHS, and others also recommend application whitelisting.
- Ensure that employees practice proper password hygiene. This means using different passwords at work and home as well as using a complex password. Employers can issue passwords to employees and eliminate the potential for passwords to be used and overused at home and work.
- Educate your employees on cybersecurity. The more your employees know, the more likely they’ll be to spot phishing emails and other threats. Invest in proper training and make sure your employees stay up to date on the latest threats.
- Insist that employees user their work devices for work purposes only. Don’t allow employees to check personal emails, use social media, or shop online with company devices. Enforcing these rules will lessen the risk of someone wandering off to a malicious website.