Remote staff with critical data may be open to cyber attacks

Nearly half of the respondents in a new survey plan to bring in more remote workers in 2023, but businesses are failing to give them cybersecurity training

A third of companies are not providing any cybersecurity awareness training to remote workers, according to new research, which also revealed almost three-quarters of remote staff have access to critical business data.

The study published by cybersecurity provider Hornetsecurity also revealed nearly three-quarters (74 per cent) of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world.

Despite the current lack of training and employees feeling ill-equipped, almost half (44 per cent) of respondents said their organisation plans to increase the percentage of employees that work remotely.

"The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe,” says Daniel Hofmann, CEO of Hornetsecurity.

"Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations, and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk."

The independent survey, which questioned 925 IT professionals from various business types and sizes globally, highlighted the security management challenges and employee cybersecurity risks when working remotely.

Remote work without cybersecurity a risky business

The research revealed two core problems causing risk: employees having access to critical data, and not enough training being provided on how to manage cybersecurity or how to reduce the risk of a cyber-attack or breach.

"Increasing remote working cybersecurity measures is particularly important in the current climate, as cybercriminals are becoming smarter and using remote working to their advantage,” says Hofmann. “We've seen an increase in smartphone attacks as hackers understand that both personal and professional data can likely be accessed as people can, and often do, carry out work on personal devices".

While companies have adapted to new ways of working, cybersecurity risks linked to remote working remain. Nearly a fifth of tech professionals (18 per cent) say workers are not secure when working remotely, but almost three-quarters of employees (74 per cent) have access to critical data. Fourteen per cent of respondents said their organisation suffered a cybersecurity incident related to remote working.

The study also highlighted a lack of understanding, confidence and knowledge around cybersecurity from employees when working remotely. Nearly half (43 per cent) of IT professionals rate their confidence in their remote security measures as 'moderate' or worse, with the survey also finding that 'uncontrolled file sharing' was a common source of cybersecurity incidents (16 per cent).

The study found the main sources of cybersecurity incidents were compromised endpoints (28 per cent) and compromised credentials (28 per cent). In addition, 15 per cent said that employees use their own devices with some endpoint configuration for remote work. 

Training can help ensure attackers are less likely to carry out a successful breach when trying to exploit employees, says Hofmann. “This and endpoint management, are the two basic steps in reducing remote working risks."


Featured Articles

Gartner unveils top cybersecurity predictions for 2023-2024

Half of CISOs will formally adopt human-centric design practices into their cybersecurity programmes, while adoption of zero trust architecture will rise

DDoS protection market to grow amid increase in attacks

According to research by Cloudflare, DDoS attacks increased by 109% last year, with the last 12 months seeing some of the largest attacks the world

The impact data poisoning has on cyber and AI

We take a look at why the risks of data and AI poisoning is continuing to wreak havoc on the cybersecurity industry

Five innovative ways AI can help prevent cyber attacks

Cyber Security

SailPoint delivers new non-employee risk management solution

Cyber Security

Akamai shares details of Asia’s record-breaking DDoS attack

Network Security