As the dust from enabling employees to work remotely has settles, new data from security vendor PulseSecure highlights where remote security has been – and still is – a challenge.
COVID-19 has turned organizations upside-down, shifting priorities, budgets, and staffing – all in an effort to remain operational. But when making drastic changes to the way the business functions – particularly from a network perspective – security is likely going to be a challenge with user working on insecure devices, insecure networks, using non-standard applications, and with little governance and oversight.
But just how bad was it, and is it today?
The 2020 Work-From-Home Cybersecurity report from PulseSecure provides some insight into both what transpired as a result of COVID-19 and what the outlook is for organizations looking to return to some resemblance of “normal”. According to the report, the majority of organizations (77%) had less than one-quarter of their staff working remotely last year. But since the pandemic, 75% have three-quarters or more working remotely. Only 29% were fully prepared for the shift, which leads us to the discussion of whether organizations were/are properly secured for remotely working.
From the report data, it appears that security is has been – and still remains – an issue:
- 69% of organizations are concerned overall with work-from-home security risks
- 59% see users being security aware as the biggest security challenge
- 69% are concerned about phishing attacks
- 65% are allowing employees to access managed applications from personal devices
- The number one risk of concern (46% of orgs) is protection of corporate data
With 84% of organizations consider they will likely increase work-from-home capabilities in the future, it appears there is a lot of work to be done around ensuring the same level of corporate security for remote workers and their devices.
The challenge of user awareness can easily be addressed with Security Awareness Training, married with user phishing testing to educate users on the need for good security practices as part of their job, their role in corporate security – especially when working from home – and what modern-day cyberattacks look like to lessen the potential impact of an attack.
Remote work doesn’t need to be more risky; it just requires that organizations address the risk factors proactively in a way that aligns with a remote workforce. Online Security Awareness Training is one of those measures that can be impactful no matter where the employee works.