A third of companies are not providing any cybersecurity awareness training to remote workers, according to new research, which also revealed almost three-quarters of remote staff have access to critical business data.
The study published by cybersecurity provider Hornetsecurity also revealed nearly three-quarters (74 per cent) of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world.
Despite the current lack of training and employees feeling ill-equipped, almost half (44 per cent) of respondents said their organisation plans to increase the percentage of employees that work remotely.
"The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe,” says Daniel Hofmann, CEO of Hornetsecurity.
"Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations, and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk."
The independent survey, which questioned 925 IT professionals from various business types and sizes globally, highlighted the security management challenges and employee cybersecurity risks when working remotely.
Remote work without cybersecurity a risky business
The research revealed two core problems causing risk: employees having access to critical data, and not enough training being provided on how to manage cybersecurity or how to reduce the risk of a cyber-attack or breach.
"Increasing remote working cybersecurity measures is particularly important in the current climate, as cybercriminals are becoming smarter and using remote working to their advantage,” says Hofmann. “We've seen an increase in smartphone attacks as hackers understand that both personal and professional data can likely be accessed as people can, and often do, carry out work on personal devices".
While companies have adapted to new ways of working, cybersecurity risks linked to remote working remain. Nearly a fifth of tech professionals (18 per cent) say workers are not secure when working remotely, but almost three-quarters of employees (74 per cent) have access to critical data. Fourteen per cent of respondents said their organisation suffered a cybersecurity incident related to remote working.
The study also highlighted a lack of understanding, confidence and knowledge around cybersecurity from employees when working remotely. Nearly half (43 per cent) of IT professionals rate their confidence in their remote security measures as 'moderate' or worse, with the survey also finding that 'uncontrolled file sharing' was a common source of cybersecurity incidents (16 per cent).
The study found the main sources of cybersecurity incidents were compromised endpoints (28 per cent) and compromised credentials (28 per cent). In addition, 15 per cent said that employees use their own devices with some endpoint configuration for remote work.
Training can help ensure attackers are less likely to carry out a successful breach when trying to exploit employees, says Hofmann. “This and endpoint management, are the two basic steps in reducing remote working risks."
- ClubCISO: Survey highlights ongoing cyber industry expansionOperational Security
- Aon data breach: MOVEit data hack exposes major corporationsCyber Security
- Japan criticises Fujitsu for cloud security failingsCyber Security
- Imperva: Shadow AI set to drive new wave of insider threatsCyber Security