Remote staff with critical data may be open to cyber attacks

Nearly half of the respondents in a new survey plan to bring in more remote workers in 2023, but businesses are failing to give them cybersecurity training

A third of companies are not providing any cybersecurity awareness training to remote workers, according to new research, which also revealed almost three-quarters of remote staff have access to critical business data.

The study published by cybersecurity provider Hornetsecurity also revealed nearly three-quarters (74 per cent) of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world.

Despite the current lack of training and employees feeling ill-equipped, almost half (44 per cent) of respondents said their organisation plans to increase the percentage of employees that work remotely.

"The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe,” says Daniel Hofmann, CEO of Hornetsecurity.

"Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations, and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk."

The independent survey, which questioned 925 IT professionals from various business types and sizes globally, highlighted the security management challenges and employee cybersecurity risks when working remotely.

Remote work without cybersecurity a risky business

The research revealed two core problems causing risk: employees having access to critical data, and not enough training being provided on how to manage cybersecurity or how to reduce the risk of a cyber-attack or breach.

"Increasing remote working cybersecurity measures is particularly important in the current climate, as cybercriminals are becoming smarter and using remote working to their advantage,” says Hofmann. “We've seen an increase in smartphone attacks as hackers understand that both personal and professional data can likely be accessed as people can, and often do, carry out work on personal devices".

While companies have adapted to new ways of working, cybersecurity risks linked to remote working remain. Nearly a fifth of tech professionals (18 per cent) say workers are not secure when working remotely, but almost three-quarters of employees (74 per cent) have access to critical data. Fourteen per cent of respondents said their organisation suffered a cybersecurity incident related to remote working.

The study also highlighted a lack of understanding, confidence and knowledge around cybersecurity from employees when working remotely. Nearly half (43 per cent) of IT professionals rate their confidence in their remote security measures as 'moderate' or worse, with the survey also finding that 'uncontrolled file sharing' was a common source of cybersecurity incidents (16 per cent).

The study found the main sources of cybersecurity incidents were compromised endpoints (28 per cent) and compromised credentials (28 per cent). In addition, 15 per cent said that employees use their own devices with some endpoint configuration for remote work. 

Training can help ensure attackers are less likely to carry out a successful breach when trying to exploit employees, says Hofmann. “This and endpoint management, are the two basic steps in reducing remote working risks."


Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI