Liberated from conventional office routines and dress codes, working from home offers employees a much more casual experience. Unfortunately, too many remote workers are taking a similarly casual approach to cybersecurity.
Risky behaviors by remote workers are creating insider threats that compromise the overall security of their companies, according to a number of recent studies and surveys. Whether inadvertent or intentional, these behaviors have contributed to an extraordinary increase in cyber threats. The FBI's Internet Crimes Complaint Center (IC3) reports that cyberattacks are up by 400 percent compared to pre-pandemic levels.
Most organizations understood that their remote workers would be inviting targets because they lack many of the protections typically provided in a secure office environment. What’s been surprising is that even with increased awareness of the risk, remote employees routinely disregard basic security best practices.
A Trend Micro study finds that although 72 percent of remote workers say they are more conscious of their organization’s cybersecurity policies since lockdowns began, many are breaking the rules anyway as they seek more expedient or convenient ways to get their work done. Interviews with 13,200 remote workers across 27 countries revealed that:
- 56 percent admit to using a non-work application on a corporate device, and 66 percent of those say they uploaded corporate data to the unsanctioned applications.
- 29 percent say they don’t care if the apps they use are sanctioned by their IT department because company-approved solutions are “nonsense.”
- 80 percent admit they use their work laptop for personal browsing, and only 36 percent of them restrict the sites they visit.
- 39 percent say they knowingly violate company policy by accessing corporate data from a personal device.
A separate study from CyberArk suggests that such risky behaviors are particular common among working parents who must juggle work responsibilities with childcare and home-schooling duties. The study found that 57 percent of working parents insecurely save passwords in browsers on their corporate devices, 89 percent reuse passwords across applications and devices, and 21 percent allow other members of their household to use their corporate devices for activities such as schoolwork, gaming and shopping.
Although most cybersecurity solutions and processes are designed to thwart sophisticated external threats from hackers, studies suggest that insider threats are far more common. Almost three-quarters of all threats originate from within the organization, according to research from Vanson Bourne.
Insider threats are rarely malicious in intent, however. They usually result from employees who unintentionally mishandle sensitive data or commit policy violations with “work-arounds” that bypass the IT process. Common behaviors known to create risk include failing to log off computers, using unsecure public Wi-Fi networks, sending files to personal email accounts, downloading data to an external drive or memory stick, and writing down passwords.
Employee education and training programs can help organizations combat insider threats. However, a single webinar or PowerPoint presentation won’t do much to modify employee behavior. A new study by researchers from several German universities finds security awareness training produces short-lived results, with most employees forgetting much of what they learned within six months. The results reinforce what industry insiders have long believed — that security training must be repeated regularly to produce lasting behavioral changes.
Remote workers have been at a bit of a security disadvantage from the beginning of the pandemic due to the hurried nature of the transition. With little experience and even less training, they’ve often been forced to experiment with a variety of applications and services to manage work requirements.
RMM understands the challenges, which is why we have crafted a portfolio of remote security tools and training programs designed specifically for the remote workforce. Call us to learn how we can help you mitigate insider threats and keep your businesses secure and productive.