Half of the organizations surveyed by Tessian were hit by a security incident while employees were working remotely. Here are some tips for mitigation.
The coronavirus pandemic and resulting lockdown have prompted a shift in how and where people work. In the past, working remotely may have been an option at many companies, but most employees likely spent most of their time in the office. Now, however, more people are working from home on a steady basis, perhaps with an occasional trip to the office.
But this shift to a remote or hybrid climate poses certain security risks for organizations and employees. A new report from security firm Tessian looks at some of the risks and offers advice for IT departments on how to grapple with them.
Based on a survey of 250 IT decision makers and 2,000 working professionals, Tessian's report, "Securing the Future of Hybrid Working," found that 75% of the IT leaders believe that the future of work will be remote or hybrid. Further, only 11% of the working professionals said they'd want to work solely from the office in a post-pandemic world. Instead, the average employee would prefer working remotely at least two days a week.
Judging by this year, however, a remote environment carries risks. Half of the respondents said they experienced a data breach or security incident between March and July 2020, a period of remote working. Most of the attacks were phishing campaigns. Specifically, a third of those surveyed reported an increase in ransomware attacks deployed via phishing emails, while a quarter noticed a rise in vishing (voice spear phishing) attacks.
Other threats loom in a remote or hybrid work scenario. More than half of the employees surveyed admitted to using their own personal devices to work from home. That prompted IT leaders to cite such risks as downloading unsafe apps, malware infections, data leakage, unauthorized access to data, and an inability to manage all these different devices.
More than three quarters of the IT leaders surveyed said they feel their company is at greater risk of insider threats as employees work remotely. Some of the respondents discovered employees sending files to their personal email accounts so they could print them at home. Others found that company information was being shared via personal email accounts.
More than half of the IT leaders said they're worried about remote employees connecting to public Wi-Fi. That's a valid concern as 58% of the employees admitted that they've considered or have already been connecting to such unprotected networks.
As organizations adopt a remote or hybrid work setup, IT leaders are nervous about other factors, including the wellbeing of employees, the use of unsafe data security practices, more data breaches and phishing attacks, and an increased workload for themselves and the IT group.
To help organizations better manage the security risks in a hybrid work environment, Tessian offers a few recommendations based on the feedback of those surveyed.
- Modify your BYOD (Bring Your Own Device) policies. Some 43% of the IT leaders said they're now aiming to upgrade their BYOD policies to better secure their organization for hybrid working.
- Offer more security training. Some 58% of the IT leaders plan to introduce more security training if their company adopts a permanent remote work environment. But such security training needs to be relevant and tailored to the employees. By using machine learning, organizations can enhance their training by alerting employees to specific threats. Offering such alerts within the context of their jobs can help prevent them from making mistakes and reinforce safe security behaviors.
- Require two-factor or multi-factor authentication. Some 58% of the IT leaders are looking to implement this type of security method.
- Upgrade or buy new endpoint protection. Almost half of the IT decision makers polled are aiming to improve their endpoint protection to better safeguard all devices that access the network.
- Upgrade or buy new VPN. Some 44% of the IT leaders polled want to enhance their VPN to protect the accounts and access used by remote employees.
"While it is great for employees, a hybrid way of working actually offers the worst of both worlds for IT teams who have to simultaneously manage and mitigate security risks that occur both in and out of the office, while providing a seamless experience that enables employees to work-from-anywhere," Tessian CEO and co-founder Tim Sadler said in a press release.
"Education on the threats people could be exposed to and the threats they pose to company security is an important first step," Sadler said. "Businesses also need to invest in solutions that alleviate the pressure on IT teams, providing them with greater visibility into employee behaviors, automating manual tasks, and alerting employees to threats to prevent them from causing security incidents before they happen."