More than half of your employees are cutting corners with regards to cybersecurity while working from home, putting your organisation at risk. The coronavirus pandemic has forced all of us to quickly adjust to remote working and new research shows that workers are taking more risks online and with data than they would at the office.
At the core of the coronavirus crisis looms the reality that most organizations did not prepare for a "black swan" scenario where all employees would be working from home for an extended period of time, says Richard Bird, the chief customer information officer at Ping Identity.
54% of employees say they find workarounds
New results of email security company Tessian surveying 2,000 American and British employees — as well as 250 IT decision-makers — found 35% of employees take company documents and data with them when they leave a job. Despite 91% of IT leaders trusting them to do so, 54% of employees say they find workarounds when security policies prevent them from completing tasks.
Another report provides similar results. The "Digital Guardian Data Trends Report," paints an increasingly dire picture for organizations with an increasingly mixed set of devices accessing their servers from home networks, and hard-to-monitor employee data security practices.
Employees copied company data to USB drives 123% more
According to the Digital Guardian report, covering financial services, manufacturing, healthcare, and other businesses, employees copied company data to USB drives 123% more than before the pandemic's onset, with 74% of that data marked as "classified." Data egress over email, USB, and cloud services leaped 80%, with more than 50% of that data marked as "classified." Accompanying the spike in data copying is a 62% increase in malicious activity on corporate networks and servers, with a 54% bump in incident-response investigations. A related data point in Verizon's new 2020 DBIR report also states that financial gain drives 86% of data breaches, up from 71% in 2019.
According to Tessian's The State of Data Loss Report, some of the top reasons employees aren't completely following the same safe data practices as usual include working from their own device, rather than a company issued one, as well as feeling as if they can take additional risks because they're not being watched by IT and security.
In some cases, employees aren't purposefully ignoring security practices, but distractions while working from home – such as childcare, roommates and not having a desk set up like they would at the office – are having an impact on how people operate.
People will cut corners on security best practices when working remotely
Meanwhile, some employees say they're being forced to cut security corners because they're under pressure to get work done quickly. "People will cut corners on security best practices when working remotely and find workarounds if security policies disrupt their productivity in these new working conditions," said Tim Salder, CEO of Tessian. "But, all it takes is one misdirected email, incorrectly stored data file, or weak password, before a business faces a severe data breach that results in the wrath of regulations and financial turmoil."
At this point in time, you cannot afford not to step your users through new-school security awareness training. This is now a must. And a surprisingly affordable one. Get a quote and find out.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4's security awareness training and simulated phishing platform and find out how affordable this is!
