Since the COVID-19 lockdown began, security and IT professionals across the globe have faced extraordinary challenges.
Almost overnight, UK employers pivoted to support an unexpected surge in homeworking as the UK Government urged that “everyone who can work from home must do so“, leaving many organisations in a position of increased business risk as their newly-minted remote workforce switched to working from dining rooms, bedrooms, and kitchen tables.
Fast forward to 2021 and many of the early challenges faced in migrating their users to the new normal of “anywhere working” have been overcome, but as a survey of 300 UK cyber security professionals by our partner Censornet reveals, while 91% of cyber security professionals are confident that their cloud security solutions are effectively protecting people at home, risky remote working behaviour shows a disconnect between the perception of how well protected an organisation is when employees are working remotely and the realities of today’s remote working culture.
73% of cyber security teams said that they trusted employees to follow advice, but 87% of these same respondents said that most threats could be prevented if employees followed best practice.
Organisations can’t assume that all employees have switched to remote working effectively and need little further assistance or guidance from their employer. Whether it’s a result of more flexible working hours, fewer restrictions or more relaxed access policies on work laptops, the boundaries between work/life activities have never been more blurred.
67% of respondents have identified that employees are engaging in unproductive activity on the web, such as using streaming services at work like Netflix or Amazon Prime Video (35%).
With unsuitable content hiding just a scratch beneath the surface, and often hosted on mainstream platforms, it is no surprise that downloading inappropriate ‘NSFW’ images and video is a very real concern for organisations in a world where work and home devices commonly overlap.
21% of respondents reported that they had caught employees visiting adult sites at work.
It is not just erotic content. In today’s polarised political landscape, everything from sensitive gender and race issues to extremist content is highly accessible through a patchwork of platforms. In UK employment law, an employer is liable for the acts of its employees, which means that directors and officers of companies can be held to account for illegal content employees are accessing on company-provided devices in the new cloud-dominant “anywhere working” environment.
As diverse working locations become the norm and with an increase in ‘less informed’ remote users, it’s no surprise that there has been an increase in stolen credentials and Account Takeover (ATO) attacks.
Account breaches, particularly those of high-ranking staff or IT administrators carry risks to data and IT systems, and when the majority of data breaches start with weak or stolen credentials, organisations are going to need more than passwords to secure accounts and inboxes.
Unpredictable and hard to secure at scale, people present a far more reliable attack vector than any exotic vulnerability. The risk of data loss through unauthorised data sharing and unmanaged user interactions within the cloud pose strong security concerns for organisations dealing with authorised and ‘Shadow IT’.
26% of respondents identified sharing links to documents in the cloud without authorisation as the third most common risky remote working behaviour.
The rapid shift to homeworking in 2020 led to businesses adopting a plethora of tools to support and enable their remote workforce, but yesterday’s on-the-fly deployments can leave unforeseen gaps in an organisation’s 2021 security posture. Identifying and then closing these ‘blind-spots’ ensures that employees are connected, supported, and secure no matter where they are working in today’s “anywhere working” environment.
The report provides contemporary insight into the disconnect between the perception of how well protected an organisation is when employees are working remotely and the realities of today’s remote working culture, alongside practical advice to help IT security teams provide a safe and flexible environment that empowers people and organisations to meet the challenges of ‘Anywhere Working’.