• by Ray Schultz , Columnist, May 27, 2020

Businesses that let their employees work at home during the COVID-19 pandemic have one big concern beyond communications and economics: security.

It's the elephant in the room. And the big threat comes through email, judging by the 2020 Remote Workforce Security Report, a study by Cybersecurity Insiders.

Pity the poor IT manager who has to cope with the apparent unpreparedness.

A whopping 75% of all firms have 75% of their employees now working at home, whereas last year 63% had less than one-fourth in remote environments. 

Of those polled, 41% have not taken any steps to provide secure access to their remote workforce. Yet 65% allow personal devices to access and manage applications, even though 55% see that as risky.

And 84% expect to continue work-at-home capabilities after the crisis, showing that the new normal may be permanent. They like the increased productivity.

In fact, 38% see higher productivity from remote work, with 6% saying it is much higher.

But 63% fear work-at-home will affect their regulatory compliance, with 50% of those citing GDPR as the main law they have to cope with. 

Another 38% cite PCI DSS, and 38% must cope with other laws requiring security breach notification. In addition, 33% are affected by HIPAA (the law insuring health data privacy), 17% by GLBA and 12% by FISMA.

The biggest threat vectors are malware (72%), phishing (67%) and unauthorized user access (59%).

Companies also feel imperiled by un-patched systems/vulnerability exploits (44%), identity theft (41%), malicious websites (33%) and insider attacks (26%). 

There are serious hurdles to scaling up security for a work-at-home staff, including:

• Equipment for remote work (devices, cameras, accessories, etc.) — 50%
• Bandwidth restrictions impacting productivity — 37%
• Not enough licenses — 26%

But they are trying. The respondents employ these security controls to secure remote, work-at-home locations:

• Anti-virus/anti malware — 77%
• Firewalls — 77% 
• Virtual private network — 66%
• Multi-factor authentication — 66%
• Backup and recovery — 53% 
• Password management — 52%
• File encryption — 50%
• Endpoint security — 50%

Let’s say a company wants to secure its communications with remote staff. This list of security challenges can serve as a to-do list: 

• User awareness and training — 59% 
• Home/public Wifi network security — 56%
• Use of personal devices/BYOD — 43%
• Sensitive data leaving perimeter — 41%
• Increased security risks — 41%
• Lack of visibility — 33%
• Additional cost of security solutions — 32%

Of the companies reflected here, 54% say that COVID-19 has accelerated the migration of their workforce to cloud-based apps. And 39% have invested more user licenses, while 26% have added new vendors/solutions.

Another 18% have purchased more hardware.

Cybersecurity Insiders surveyed 413 IT and cybersecurity professionals in the U.S.