Businesses that let their employees work at home during the COVID-19 pandemic have one big concern beyond communications and economics: security.
It's the elephant in the room. And the big
threat comes through email, judging by the 2020 Remote Workforce Security Report, a study by Cybersecurity Insiders.
Pity the poor IT manager who has to cope with the apparent
unpreparedness.
A whopping 75% of all firms have 75% of their employees now working at home, whereas last year 63% had less than one-fourth in remote environments.
Of those
polled, 41% have not taken any steps to provide secure access to their remote workforce. Yet 65% allow personal devices to access and manage applications, even though 55% see that as risky.
And 84% expect to continue work-at-home capabilities after the crisis, showing that the new normal may be permanent. They like the increased productivity.
In fact, 38% see higher
productivity from remote work, with 6% saying it is much higher.
advertisement
advertisement
But 63% fear work-at-home will affect their regulatory compliance, with 50% of those citing GDPR as the main law they have to
cope with.
Another 38% cite PCI DSS, and 38% must cope with other laws requiring security breach notification. In addition, 33% are affected by HIPAA (the law insuring health data
privacy), 17% by GLBA and 12% by FISMA.
The biggest threat vectors are malware (72%), phishing (67%) and unauthorized user access (59%).
Companies also feel imperiled by un-patched
systems/vulnerability exploits (44%), identity theft (41%), malicious websites (33%) and insider attacks (26%).
There are serious hurdles to scaling up security for a work-at-home staff,
including:
- Equipment for remote work (devices, cameras, accessories, etc.) — 50%
- Bandwidth restrictions impacting productivity — 37%
- Not enough licenses
— 26%
But they are trying. The respondents employ these security controls to secure remote, work-at-home locations:
- Anti-virus/anti malware — 77%
- Firewalls — 77%
- Virtual private network — 66%
- Multi-factor authentication — 66%
- Backup and recovery — 53%
- Password
management — 52%
- File encryption — 50%
- Endpoint security — 50%
Let’s say a company wants to secure its communications with remote staff.
This list of security challenges can serve as a to-do list:
- User awareness and training — 59%
- Home/public Wifi network security — 56%
- Use of
personal devices/BYOD — 43%
- Sensitive data leaving perimeter — 41%
- Increased security risks — 41%
- Lack of visibility — 33%
- Additional
cost of security solutions — 32%
Of the companies reflected here, 54% say that COVID-19 has accelerated the migration of their workforce to cloud-based apps. And 39% have
invested more user licenses, while 26% have added new vendors/solutions.
Another 18% have purchased more hardware.
Cybersecurity Insiders surveyed 413 IT and cybersecurity
professionals in the U.S.