Report: Working from home is the new normal, but cybersecurity isn't keeping up

COVID-19 has completely changed the work world, but many organizations have seemingly failed to realize that security risks are changing as well, a new report finds.

Freelancer with mug using laptop near dog

Image: Niyaz_Tavkaev, Getty Images/iStockphoto

IT solutions firm Electric has released a report about the state of remote work in the post-pandemic world, and has found that "the office of the future has arrived early," but cybersecurity hasn't been refocused in response.

The report found that the shift to remote work has been massive: There has been a 39% decrease in companies with less than 25% of their staff working remotely, and a whopping 250% increase in companies with more than three-quarters of their full-time employees working from home.

"The new normal will involve employees working more frequently from these less-controlled networking environments like homes, and as parts of the country reopen, potentially third spaces like cafes and libraries once again," Electric said.

Changes in the way people work have led to a well-documented explosion in adoption of collaboration and video conferencing technology, and Electric also found out which products are leading the pack there as well.

Microsoft Teams is the most popular chat tool, with 50.34% of respondents saying they use it; Skype for Business is No. 2 at 42.07%, and Slack comes in a distant third with only 18.62% of respondents saying they're using it. 

As for video conferencing, Zoom has remained dominant despite its security woes, with 57.24% saying they use it. Skype follows with 41.28%, and Google Hangouts is being used by 29.66% of respondents. 

How cybersecurity is falling behind 

"This new way of work with a greater emphasis on remote has surfaced the notion that the actual endpoints, meaning the mobile devices and computers that remote workers use to access company information, are critical to maintaining security," the report states.

The findings don't seem to indicate that businesses are taking this shift in cybersecurity seriously, which Electric explains with three data points: VPN usage, multifactor authentication adoption, and mobile device management (MDM) installation.

SEE: VPN: Picking a provider and troubleshooting tips (free PDF) (TechRepublic)

VPNs are an important part of remote work security because they encrypt traffic between an endpoint and business network, essentially extending the security of an organization's internal network to wherever an employee is located. Only 19.31% of respondents indicated that three-quarters or more of their organization access their network from outside through a VPN, leaving a lot of essential business machines without secure connections to business resources and data.

Multifactor authentication is also essential: It prevents malicious logins due to stolen credentials or devices, and while it's been more widely adopted it's still underused, only 48.28% of respondents said it was enabled companywide. 

Lastly, MDM, which allows IT teams to push updates to remote devices, as well as lock them, erase them, and otherwise keep sensitive data safe in the case of theft or loss, is a third important factor in keeping company-owned devices safe while deployed remotely.

The report found that only 13.79% of company-issues devices had MDM software installed on 75% or more of devices. 

Despite these low numbers, the report found that respondents were generally confident in the cybersecurity measures they take for remote workers: On average, respondents rated their remote work security practices a seven out of 10.

The COVID-19 pandemic accelerated the shift to remote work for many organizations, the report concluded, and "it's clear that remote work is going to continue to be a larger and larger fixture of modern business."

"The notion of the home office being an extension of your company needs to sink in now, not just for IT decision makers, but also for business leaders at all levels," the report said. That includes all the relevant security considerations that come with it.

Also see