Remote Workers Pose New Security Risks

Organizations sent workers home during COVID-19 lockdown without adequate security preparation.

The sudden and massive shift to a work-from-home workforce has left millions of employees ill-prepared to handle the new cybersecurity challenges they face, a new study has found.

Though many people had no previous work-at-home experience until this year, they were sent home to navigate the security quagmire of using their own personal laptop and mobile devices as well as new videoconferencing services largely without guidance on security issues from their employers, a new survey (PDF) from IBM Security found.

This is even though the majority of people who went to work from home believed that their organization could keep personally identifiable information (PII) secure while they were working remotely, the survey found.

The company polled 2,001 adults in the United States between June 4 and June 7 who are newly working from home due to COVID-19, and found that 93 percent of them didn’t particularly worry about data security when they made the transition.

However, responses show that remote workers who didn’t have much experience working from home before the lockdown pose a major security risk that companies did not try to solve, basically sending them home to fend for themselves.

Fifty-three percent of those polled said they are using their own personal devices for work–including both their own laptops and mobile devices–and 90 percent are conducting business over their home networks. However, this activity is done often without any new security protections in place, the survey found.

Moreover, 45 percent of those surveyed said they did not receive any new training to move their work to their home environment, even though 83 percent reported that working from home was not a typical practice for them prior to the COVID-19 pandemic, the survey found.

Passwords were a particularly troubling aspect of organizations’ lack of guidance, especially when they have proven time and again to be a hotspot of problems when it comes to basic data security.

A separate recent survey published in May found that people know reusing their passwords is a foolish security practice; however, they still do it in large numbers. The IBM survey found that this also is a trend among newly remote workers, with 35 percent saying they are reusing passwords even for business at home. However, 66 percent of those surveyed said they were not provided with new password guidelines by their employers.

Another COVID-19 trend that has proven to be a major security risk is the increase in video conferencing—particularly using the Zoom online service—that working from home requires.

Not surprisingly, those polled by IBM reported an uptick in videoconferencing since they were sent to work from home, with more than 55 percent reporting that they conduct one to five meetings via videoconferencing per week, while another 20 percent said this number was between six and 10.

Despite their increased frequency of videoconferencing, organizations largely did not prepare workers for the new risks that come with this behavior, with 55 percent of those polled saying that their employer either did not introduce security policies around videoconferencing, or that they were unsure of what they were.

Even while new remote workers showed confidence in their employers' ability to secure their data even from home, the survey found they are not completely oblivious to the new risks they face.

Forty-seven percent of those polled acknowledged that they are concerned about cybersecurity, though those working for larger firms had greater confidence in their employers than those working for smaller firms, the survey found.
