New research from leading cybersecurity provider
Hornetsecurity has found that 33% of companies are not providing any cybersecurity awareness training to users who work remotely.
The
study also revealed nearly three-quarters (74%) of remote staff have
access to critical data, which is creating more risk for companies in
the new hybrid working world.
Despite the current lack of
training and employees feeling ill-equipped, almost half (44%) of
respondents said their organisation plans to increase the percentage of
employees that work remotely.
Daniel Hofmann, CEO of
Hornetsecurity, said: "The popularity of hybrid work, and the associated
risks, means that companies must prioritise training and education to
make remote working safe. Traditional methods of controlling and
securing company data aren't as effective when employees are working in
remote locations and greater responsibility falls on the individual.
Companies must acknowledge the unique risks associated with remote work
and activate relevant security management systems, as well as empower
employees to deal with a certain level of risk."
Challenges and risks
The
independent survey, which quizzed 925 IT professionals from a range of
business types and sizes globally, highlighted the security management
challenges and employee cybersecurity risk when working remotely.
The
research revealed two core problems causing risk: employees having
access to critical data, and not enough training being provided on how
to manage cybersecurity or how to reduce the risk of a cyber-attack or
breach.
Hofmann commented: "Increasing remote working
cybersecurity measures is particularly important in the current climate,
as cybercriminals are becoming smarter and using remote working to
their advantage. We've seen an increase in smartphone attacks as hackers
understand that both personal and professional data can likely be
accessed as people can, and often do, carry out work on personal
devices."
Remote working security issues
While
companies have adapted to new ways of working, cybersecurity risks
linked to remote working, remain untackled. Nearly a fifth of IT
professionals (18%) say workers are not secure when working remotely,
but almost three-quarters of employees (74%) have access to critical
data. Perhaps unsurprisingly, 14% of respondents said their organization
suffered a cybersecurity incident related to remote working.
Remote
working is not only known by professionals to bring unique issues, but
people are experiencing the consequences of inadequate protection
measures and insufficient remote management.
Lack of knowledge amplifies risk
The
study also highlighted a lack of understanding, confidence and
knowledge around cybersecurity from employees when working remotely.
Nearly half (43%) of IT professionals rate their confidence in their
remote security measures as ‘moderate' or worse, with the survey also
finding that ‘uncontrolled file sharing' was a common source of
cybersecurity incidents (16%).
Organisations can reduce risks
associated with cybersecurity by increasing education and training.
Basic training could improve matters significantly: Hornetsecurity's Security Awareness Training, for example, helps firms to strengthen their human firewall.
Use of endpoint management
Having
strong systems in place to protect employees is essential. The study
found that the main sources of cybersecurity incidents were compromised
endpoints (28%) and compromised credentials (28%). In addition, 15% said
that employees use their own devices with some endpoint configuration
for remote work. It's clear that having both security awareness training
and investment in endpoint management systems are vital to have robust
remote cybersecurity for organizations.
Hofmann concluded: "To tackle the knowledge gap, training such as our end user Cyber Security Awareness Training
helps ensure attackers are less likely to carry out a successful breach
when trying to exploit employees. This and endpoint management, are the
two basic steps in reducing remote working risks."