Remote staff with critical data may be open to cyber attacks

Nearly half of the respondents in a new survey plan to bring in more remote workers in 2023, but businesses are failing to give them cybersecurity training

A third of companies are not providing any cybersecurity awareness training to remote workers, according to new research, which also revealed almost three-quarters of remote staff have access to critical business data.

The study published by cybersecurity provider Hornetsecurity also revealed nearly three-quarters (74 per cent) of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world.

Despite the current lack of training and employees feeling ill-equipped, almost half (44 per cent) of respondents said their organisation plans to increase the percentage of employees that work remotely.

"The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe,” says Daniel Hofmann, CEO of Hornetsecurity.

"Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations, and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk."

The independent survey, which questioned 925 IT professionals from various business types and sizes globally, highlighted the security management challenges and employee cybersecurity risks when working remotely.

Remote work without cybersecurity a risky business

The research revealed two core problems causing risk: employees having access to critical data, and not enough training being provided on how to manage cybersecurity or how to reduce the risk of a cyber-attack or breach.

"Increasing remote working cybersecurity measures is particularly important in the current climate, as cybercriminals are becoming smarter and using remote working to their advantage,” says Hofmann. “We've seen an increase in smartphone attacks as hackers understand that both personal and professional data can likely be accessed as people can, and often do, carry out work on personal devices".

While companies have adapted to new ways of working, cybersecurity risks linked to remote working remain. Nearly a fifth of tech professionals (18 per cent) say workers are not secure when working remotely, but almost three-quarters of employees (74 per cent) have access to critical data. Fourteen per cent of respondents said their organisation suffered a cybersecurity incident related to remote working.

The study also highlighted a lack of understanding, confidence and knowledge around cybersecurity from employees when working remotely. Nearly half (43 per cent) of IT professionals rate their confidence in their remote security measures as 'moderate' or worse, with the survey also finding that 'uncontrolled file sharing' was a common source of cybersecurity incidents (16 per cent).

The study found the main sources of cybersecurity incidents were compromised endpoints (28 per cent) and compromised credentials (28 per cent). In addition, 15 per cent said that employees use their own devices with some endpoint configuration for remote work. 

Training can help ensure attackers are less likely to carry out a successful breach when trying to exploit employees, says Hofmann. “This and endpoint management, are the two basic steps in reducing remote working risks."


Featured Articles

IT and OT security with Ilan Barda, CEO of Radiflow

Cyber Magazine speaks with Radiflow’s CEO, Ilan Barda, about converging IT and OT and how leaders can better protect businesses from cybersecurity threats

QR ‘Quishing’ scams: Do you know the risks?

QR code scams, or Quishing scams, are rising and pose a threat to both private users and businesses as cyberattacks move towards mobile devices

Zero Trust Segmentation with Illumio’s Raghu Nandakumara

Head of Industry Solutions at Illumio, Raghu Nandakumara, offers insight into the proposed ban on ransom payments and how businesses can utilise Zero Trust

Is the password dead? Legacy technology prevents the shift

Network Security

Fake Bard AI malware: Google seeks to uncover cybercriminals

Technology & AI

Gartner report highlights threat of supply chain attacks

Cyber Security