More than a third (35%) of UK IT decision makers admitted that their remote workers have already knowingly put corporate data at risk of a breach in the last year according to an annual survey – conducted between 12 and 18 March 2021 by Apricorn , the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives. This is concerning given that over one in ten surveyed IT decision makers also noted that they either have no control over where company data goes or where it is stored (15%) and their technology does not support secure mobile/remote working (12%).
Additionally, more than half (58 percent) still believe that remote workers will expose their organisation to the risk of a data breach. This figure has risen steadily year on year from 44 percent in 2018, yet despite the pandemic, the number of organisations expecting their remote workers to put them at risk of a data breach in 2021 has remained level. This suggests that organisations could have increased their security processes for remote workers, or are simply putting more trust in their employees, as highlighted in another recent global survey from Apricorn.
Furthermore, over a quarter (26%) of organisations noted that their remote workers don’t care about security. Whilst this figure has dropped from 34 per cent last year, phishing (37%), employee negligence (27%), remote workers (15%) and third parties (13%) are still big avenues for attack and actionable cause of a breach.
The lines between business and home, professional and personal, are now indistinct, which could explain why phishing was also ranked by over a third of organisations as being one of the main causes for a breach, almost doubling since 2020 (20%). Additionally, this year’s survey included ransomware as an option for possible cause for breach and ranked as the fourth biggest threat, with 17 per cent citing this as a concern, highlighting the growing trend, and fear of ransomware attacks.
Jon Fielding, Managing Director EMEA, Apricorn, said, “This past year has been like no other. Though most organisations already had some remote working in place, the speed with which businesses had to respond to the pandemic, meant security took a back seat with quick fixes and speed of roll-out taking precedence. Unfortunately, this has increased risk along with a drop in security being front of mind as employees settled in to home based work.”
Despite 100 per cent of surveyed organisations having remote workers, over 65 per cent admitted that their mobile/remote workers are willing to comply with security measures, but don’t have the necessary skills or technology to keep data safe. This has increased year on year from 54 per cent in 2019 and 63 percent in 2020, again highlighting that, with organisations forced into supporting remote working, many may have been driven into making quick fixes, with temporary tools, processes and policies underpinning them.
“Businesses have been caught off guard and were ill prepared to secure a full remote workforce. For many companies it was a case of flipping a switch to allow access, rather than ensuring they have the necessary tools and security in place to secure that access. Whilst employees are now beginning to recognise their role in compliance and security, organisations are not equipping them with the technology to remain safe and compliant” added Fielding.
Unsurprisingly, when it comes to the challenges associated with implementing a cyber security plan for remote/mobile working, 35 per cent of organisations cited the complexity and management of all the technology employees need and use for mobile/remote working as one of their top three problems. This is almost double last years’ figure (19%) and ranked second after ensuring data is adequately secured (39%). GDPR compliance was the third biggest concern with 32 percent of organisations highlighting that mobile/remote working makes it harder to comply with GDPR, compared with just 16 percent in 2020, suggesting that compliance is sitting much higher on the agenda now more employees are working remotely.
That said, when asked if their organisation have an information security strategy/policy that covers employees’ use of their own IT equipment for mobile/remote working, 88 percent confirmed they have a strategy in place. Of those, 30 per cent only allow corporate IT provisioned devices, of which 22 percent have security measures in place to enforce this with end point control.
“Secure endpoint controls will protect data and systems wherever employees are working, and on whatever device, so organisations have complete confidence in the integrity of its information. Implementing the necessary technologies, digital tools, and procedures for mitigating the threats associated with remote working, need not be complex. Endpoint security and education are critical to the process, and are as simple a solution to security as washing your hands is to the pandemic.
It may seem like a daunting task, but if organisations can address these alongside security best practice, whilst remedying any quick fix solutions, the future and security of remote working should be straightforward”, concluded Fielding.
About the survey
The research was conducted during March 2021, by Vanson Bourne. Respondents were 100 UK IT decision makers (CIOs, Heads of IT, IT directors, Senior IT managers etc.) from enterprise organisations (1000+ employees) including financial services, IT, manufacturing, business and professional services.