Household distractions, looming deadlines and the use of personal devices have all contributed to the additional security risks posed by the home office. According to a recent analysis by Tessian, over 50 percent of employees admit to cutting corners with respect to cybersecurity requirements. This admitted negligence could be putting organizations at direct risk of cyber-attacks and data breaches.
As highlighted in previous Packetlabs blogs, COVID-19 and the resulting pandemic have forced many organizations to adapt quickly, and sometimes carelessly, to remote working. Outside the safety of office networks and the careful observation of IT security teams, workers are engaging in riskier practices online and with data that they would not otherwise adopt if they were not working from home.
According to Tessian’s The State of Data Loss Report, more than half of all employees believe that they can get away with riskier cybersecurity practices while working from home than while working in the office.
Some of the top reasons that workers are not following the same level of safe data practices may include working from their own personal devices, as opposed to a company-issued device, and feeling less obligated to do so while not being monitored by IT and security departments.
As the economy seeks to get back on its feet while adjusting to the “new normal”, it is clear that remote working is here to stay. Organizations forced to adopt remote-work structures and policies find themselves increasingly challenged to maintain visibility of critical data flows and processing. The report goes on to demonstrate a very clear discrepancy between employees and IT leaders when it comes to following safe security practices. Across all company sizes, while 91% of IT leaders indicated that they trust their employees to follow cybersecurity policies when working from home, 48% of employees indicated they are in fact less likely to follow safe security practices. Further, when presented with the phrase “I feel as though I can get away with riskier behavior when working from home”, the majority of workers agreed.
Without monitoring by IT staff, employees seem to seek the simplest and most expedient path to perform their daily tasks. Combine this with the fact that over half of all workers also admitted that security policies slow them down, and the resulting path will typically involve cutting security corners.
To be fair, not all employees are purposefully ignoring security practices; in some cases, household distractions such as children and pets, or a lack of appropriate resources or adequate internet connectivity speeds, are having an impact on a worker’s ability to function optimally. In other instances, employees feel that deadlines and pressure to complete work in a timely fashion, given the pandemic circumstances, are forcing them to find quicker ways to operate. Unfortunately, this too means security corners may be cut in order to get work done faster. In fact, half of the workers surveyed say they have had to find security workarounds to allow them to complete work more efficiently. This suggests that security policies themselves are considered too much of an obstacle for employees working from home to adapt to.
Regrettably, adopting these so-called “security workarounds” in pursuit of efficiency leaves organizations particularly vulnerable to cyberattacks and data breaches, especially when hackers are aware of and actively seeking these newfound opportunities.
In the grand scheme of things, all it takes is one incorrectly stored file, one weak password, one instance of inappropriate file-sharing or one misdirected email, and an organization can find itself facing a massive data breach resulting in significant business interruption, financial loss and regulatory fines. That does not include the brand damage and loss of customer trust a business will suffer after one slip-up.
The New Normal: Adapting to New Threats in Cybersecurity
At Packetlabs, we are frequently asked how often penetration testing should be performed in order to provide an adequate level of security within an organization or business. Typically, we suggest that most companies perform penetration testing on at least an annual basis, as well as whenever significant changes have been made to systems and applications that may have resulted in additional vulnerabilities.
Moving an entire workforce from the office to a work-from-home setting constitutes a significant change that should not be ignored. If you have concerns about the cybersecurity of your organization, please do not hesitate to contact us for assistance. We are always happy to discuss everything cybersecurity and take pride in helping organizations put their best foot forward into the new normal.