Could cybersecurity issues make us rethink remote work? 

Business leaders have realized that they can trust employees, even if they’re not under the same roof. But when it comes to cybersecurity policy, it seems there's a way to go.
17 December 2020

Since we first abandoned our offices in early 2020 to the confines of our own kitchen tables, remote work has been tried, tested, and generally agreed to be beneficial to businesses. 

Countless surveys and reports have cited gains to productivity and better work-life balance; no longer are cities congested with commuter crowds, and cloud solutions provide the functionality we need to get our day’s work done ‘alongside’ colleagues, albeit virtually. 

Any inherent shortcomings in videoconferencing or collaboration tools meanwhile, will be ousted in a now hotly-competitive and innovative market in the year to come. 

And that’s not to mention new access to a potentially global talent pool.

But there’s been a recurring and growing problem with this new distributed way of working that we’ve still yet to put a lid on — cybersecurity

A report earlier this year found by Promon found that two-thirds of remote workers had not received any cybersecurity training from employers. At the same time, 61% of workers claimed to be using personal devices, lacking enterprise-grade security tools. 

That’s not to say organizations aren’t putting the cybersecurity measures in place, either. A new report Cyberark finds that 67% of employees admit to finding workarounds to corporate security policies in order to be more productive. 

That includes sending work documents to a personal email address, sharing passwords, and installing rogue applications. 

However poor security habits go far beyond sidestepping a policy or two and more education is not changing these behaviors. Over half (54%) of the employees surveyed said they had received remote-work specific security training, yet:

  • 69% of respondents admit to using corporate devices for personal use.
  • 57% of all remote workers admit that they allow other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping – a 185% increase from a similar survey conducted in the spring.
  • 82% of all remote workers admit to reusing passwords — a 12% increase from the spring.

With ICO findings that 90% of cyber-breaches are the result of human error, such as clicking on a phishing link or using a compromised password, a lack of adherence to cybersecurity guidelines could lead many organizations to “reconsider the long-term viability” of remote working, according to CyberArk.

“Two national lockdowns later, as we continue to adapt to this new way of operating, it is the combined responsibility of both organizations and employees to ensure that the sensitive information held by all organizations is not endangered by remote working,” said Rich Turner, SVP EMEA at CyberArk.

“Companies should continuously implement and reinforce user-friendly tools and policies. Simultaneously, employees must operate to a higher standard of security at home so as not to become an attack vector for attackers to easily exploit.”

Business leaders have realized that, for the most part, they can trust employees are doing their job, even if they’re not under the same roof. But when it comes to cybersecurity policy, it seems there’s still some way to go.