How remote employee behavior exposes companies to cyber risks. the main thing

What is the cause of security problems?

This is partly due to the fact that most companies do not

provides its employees with a corporate PC. Personal equipment may be less secure. This is causing concern among experts.

Japanese software companyCybersecurity Software Trend Micro conducted a global survey based on responses from over 13,000 telecommuters in 27 countries. With 78% of respondents working from home during the pandemic, the results will help CIOs take concrete steps to address cybersecurity issues for telecommuters.

No two employees are alike

The study authors worked with an independentexpert in the field of cyberpsychology, Dr. Linda K. Kay, to analyze the results of the study. It turned out that every organization has different types of employees who have different perceptions of the cybersecurity issue. Kay is confident that dialogue with staff, more effective training and staff awareness will help eliminate some of the threats. The fact is that many simply do not know or do not understand the problem or do not consider it significant.

But there is good news as well.

Despite physical isolation from colleagues andexecutives, the overwhelming majority of employees (72%) in the survey said they became more concerned about cybersecurity while isolated and working from home. Only 4% of respondents admitted that they began to pay less attention to the problem.

But what does this mean in practice?

The biggest security threat isusing a non-working application for the company's business. Experts recommend using approved corporate platforms to submit critical work files, taking the instructions of the IT team seriously, as 85% said, and agreeing that they have an important responsibility for keeping the organization safe.

In addition, experts pay attention to the questionuse of email. For example, many security problems in companies have been caused by the trivial opening of questionable emails. People fall for the bait for attractive offers like free cloud storage or faster internet speeds. This is especially dangerous when employees use corporate laptops (if provided by the company).

However, this problem can be solved by training security personnel on the Internet.

The main threats

The good news ends there. During their research, security experts also discovered poor security practices that could expose organizations to serious cyber risks.

  • Using unsecured Wi-Fi

Almost 40% of respondents said they alwaysor often use public Wi-Fi without using a corporate VPN. This potentially allows attackers to examine browsing history and confiscate passwords. A third of the respondents admitted that they even worked with confidential documents in public places. This greatly simplifies access to obtaining classified information without the use of tracking devices by fraudsters.

  • Work laptops are exposed to network threats

Only 20% of those surveyed stated that they neveruse their work laptops for personal use. More than a third do it freely, and another 45% do it only during business trips. Experts warn that this threatens to disclose corporate data to malware that is often found on torrent sites, unapproved app stores, adult content sites, and more.

  • Unprotected PCs are used to access work data

The use ofremote employees of their own potentially less secure devices to access corporate systems. 40% of respondents said they do this often or on a regular basis.

  • Using third-party applications

The experts are even more worried about thethe fact that 40% of remote workers systematically upload corporate data to third-party applications. While these may be legitimate applications, the fact that they are not sanctioned by the IT department exacerbates security concerns.

What can be done?

Despite the multitude of threats, companies can do much to mitigate the consequences of risky employee behavior even in the context of massive remote work, experts say.

IT security managers must combinestrict company policies regarding the acceptable use of corporate data, with regular risk assessments of the data available to various employees and methodological education and training of personnel. Employees who work remotely must know how to detect phishing attacks. For this, experts suggest using practical tasks and modeling various situations to change behavior.

Remote work will sooner or later becomeeverywhere, regardless of the epidemiological situation, analysts predict. Now that the initial problems of organizing a remote office have been resolved, it is time to start full-scale work to reduce the risks identified in the study.

Read also

Scientists have identified the cause of the explosion in Beirut on social networks

Due to plate movement, the Pacific Ocean floor is now deep under China

Research: melting permafrost revives ancient microbes