Millions of employees working remotely have gotten no information about how to keep their devices and home networks safe.
A new report from Kaspersky shows that employers are failing to prepare their workers for any and all cybersecurity risks present when handling enterprise business at home.
Millions of people across the world were forced to begin working from home in early March as countries put quarantine measures in place. Yet in the report, 73% of the 6,000 employees who spoke with Kaspersky researchers said they have "have not yet received any specific cybersecurity awareness guidance or training from their employer."
SEE: Security Awareness and Training policy (TechRepublic Premium)
To make matters worse, another 27% of workers said they have already been on the receiving end of COVID-19 related phishing emails. The findings are part of a larger Kaspersky study on how COVID-19 is changing the way people are working.
"It is difficult to keep things 'business as usual' when everything needs to change so dramatically," said Andrey Dankevich, senior product marketing manager at Kaspersky. "While employees are trying to get used to the new reality of working from home, IT and cybersecurity teams are under pressure to enable them to continue working safely."
Dozens of stories have covered the litany of cybersecurity dangers inherent in the massive shift to teleworking, which exposes business data to the insecurity of home networks and devices used by multiple children and other adults.
Yet the Kaspersky report shows that many businesses are still failing to prepare their employees for the various threats that have only increased since cybercriminals have increased efforts to take advantage of people working from home.
SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)
"Many employees have also increased the use of online services for work that were not approved by their IT departments, known as shadow IT, such as video conferencing (70%), instant messengers (60%) or file storage services (53%)," the report said.
Kaspersky's Nikolay Pankov also highlighted other worrying statistics, like the fact that 68% of respondents said they use their own computers and just 53% of employees use a VPN to connect to corporate networks.
The report also notes that at least a third of respondents admitted to visiting adult websites on the laptops they also used for work, exposing themselves to even more risk considering cybercriminals often use these sites as a way to steal information or trick people into downloading malicious content.
Kaspersky included a number of suggestions in the report that ranged from making sure all employees know who to call in the event of a cybersecurity problem to paying close attention to workers who have to use personal devices.
Enterprises should also make sure all devices and systems are up to date with patches in addition to scheduling regular cybersecurity training sessions.
"Cyber incidents can only add difficulties to this challenge, so it is important to remain vigilant and make sure remote working is also secure working," Dankevich added.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Kubernetes security guide (free PDF) (TechRepublic download)
- Information security policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)