Businesses that let their employees work at home during the COVID-19 pandemic have one big concern beyond communications and economics: security.
It's the elephant in the room. And the big threat comes through email, judging by the 2020 Remote Workforce Security Report, a study by Cybersecurity Insiders.
Pity the poor IT manager who has to cope with the apparent unpreparedness.
A whopping 75% of all firms have 75% of their employees now working at home, whereas last year 63% had less than one-fourth in remote environments.
Of those polled, 41% have not taken any steps to provide secure access to their remote workforce. Yet 65% allow personal devices to access and manage applications, even though 55% see that as risky.
And 84% expect to continue work-at-home capabilities after the crisis, showing that the new normal may be permanent. They like the increased productivity.
In fact, 38% see higher productivity from remote work, with 6% saying it is much higher.
But 63% fear work-at-home will affect their regulatory compliance, with 50% of those citing GDPR as the main law they have to cope with.
Another 38% cite PCI DSS, and 38% must cope with other laws requiring security breach notification. In addition, 33% are affected by HIPAA (the law insuring health data privacy), 17% by GLBA and 12% by FISMA.
The biggest threat vectors are malware (72%), phishing (67%) and unauthorized user access (59%).
Companies also feel imperiled by un-patched systems/vulnerability exploits (44%), identity theft (41%), malicious websites (33%) and insider attacks (26%).
There are serious hurdles to scaling up security for a work-at-home staff, including:
But they are trying. The respondents employ these security controls to secure remote, work-at-home locations:
Let’s say a company wants to secure its communications with remote staff. This list of security challenges can serve as a to-do list:
Of the companies reflected here, 54% say that COVID-19 has accelerated the migration of their workforce to cloud-based apps. And 39% have invested more user licenses, while 26% have added new vendors/solutions.
Another 18% have purchased more hardware.
Cybersecurity Insiders surveyed 413 IT and cybersecurity professionals in the U.S.