Endpoint protection for remote workers is still a huge concern, but one report finds that there may be light at the end of the tunnel as businesses signal they're spending more on user training.
A report from anti-theft software company Prey found that, while cybersecurity concerns regarding remote work are still prevalent, most businesses have taken positive steps to improve their security postures and have improved their security training over the past year.
There's no shortage of studies finding that COVID-19 mandated shifts to remote work have been bad for cybersecurity, but there are few reports that highlight the good that cybersecurity professionals have done in the past year. Prey's Shift: Status of the Remote Work Cybersecurity Landscape report definitely contains a lot of information to make security professionals worried, but it isn't without its bright spots that may signal a much more secure 2021.
SEE: Security incident response policy (TechRepublic Premium)
Widespread remote work wasn't an option in early 2020, but the pandemic shut down the whole world and forced businesses to make rapid changes that they weren't prepared for. "IT guys and administrators were scrambling to meet the growing demands of thousands of new home workers. And that's not all: security measures, data encryption, communication protocols, hardware management, inventory control and even identification had to change and adapt to this new reality," the report said.
Thirty-seven percent of respondents said their IT infrastructure was unprepared for the number of remote employees they were forced to deal with, 36% of employees began using untested third-party software and 33% of IT departments were simply too overwhelmed to keep up. Other commonly cited problems that arose at the beginning of the pandemic were a lack of budget for necessary updates, too few devices for remote workers and a lack of skills in the IT department to support completely remote work.
Sixty-three percent of respondents said that the number of threats their organizations faced increased after the pandemic started, and 92% agreed that remote work has made cybersecurity more challenging. "IT managers have limited power over what happens at home, and workers may or may not inform about setting changes made in the network," The report said.
According to Prey, endpoint security is the biggest concern businesses need to face in the world of widespread remote work, which is unlikely to be going anywhere in the near future. The lines between home and work are getting blurry, and so are our devices, the report said. That analysis is backed up by the fact that 67% of respondents reported an increase in endpoint misuse since the start of the pandemic.
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
This all may sound like a bundle of insurmountable problems for businesses facing the prospect of a long-term adoption of remote work, but Prey's data paints a different picture; one in which things are getting better slowly but surely, with the pandemic likely a major educational episode for employees. "Most organizations declare that their employees are mostly aware [of cybersecurity risks], we could only assume that enterprises are doing a good job and believe in their subordinates," the report said.
However, only 30% strongly agree that their remote employees realize how they may be putting their organizations at risk, and 48% said they only somewhat agree with that statement. Luckily, it seems organizations are aware of the discrepancy between employees knowing that security is a concern and not knowing how they can negatively impact that security: 59% said they've created or revisited remote cybersecurity policies for all employees, and 32% said they've done the same for most.
Furthermore, 88% said they've increased their training efforts since the beginning of the pandemic, a sign that the state of cybersecurity for remote workers should only improve from here. "Policies are being modified and a high percentage of organizations are increasing their investment in education and training for employees," the report said.
- Wells Fargo and Chase now among most imitated brands in phishing attacks (TechRepublic)
- DDoS attacks increased by 20% in 2020, meaning everyone should consider themselves at risk (TechRepublic)
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
- Checklist: Securing digital information (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)