The State of Remote Work Security: Phishing, User Training Are Top Worries
- By Kurt Mackie
- March 23, 2021
Two studies released this week are shedding light on remote work security practices.
One study conducted by Cybersecurity Insiders, which bills itself as both an IT organization and a news and information company, polled IT pros on their remote work security concerns. Its report, "The State of Remote Work Security 2021," was a small study of 287 U.S. IT and cybersecurity professionals, which was conducted via online surveys in January 2021. The report was sponsored by content security firm archTIS Ltd., and its subsidiary Nucleus Cyber. The report is available at this page
The main security risks of remote work, as reported by the study's participants, included end user exposure to malware and phishing attempts (39 percent), followed by data protection (36 percent), work from unmanaged resources (14 percent) and ensuring the compliance of regulated end users (9 percent).
In this study, IT pros were asked to rank the biggest security challenges associated supporting remote workers. Those challenges included, in part:
- "User awareness and training" (57 percent)
- "Home/public Wi-Fi network security" (52 percent)
- "Sensitive data leaving perimeter" (46 percent)
- "Increased security risks" (45 percent)
- "Use of personal devices/BYOD" (38 percent)
- "Lack of visibility" (34 percent)
However, when asked "what makes remote work less secure," 61 percent of the respondents pointed to the mixture of personal and business use on work laptops, plus the "risk of drive-by-downloads" as the main issue. They also scored susceptibility to phishing attacks as a big factor (50 percent).
The protections put in place for remote workers tended to be the usual things. Here's what the respondents described:
- Anti-virus/anti-malware (80 percent)
- Firewalls (72 percent)
- Virtual private network (70 percent)
- Multifactor authentication (61 percent)
- Endpoint detection and response security (56 percent)
- Anti-phishing (54 percent)
- Password management (50 percent)
The respondents particularly favored the use of "human-centric visibility into remote employee activity" as a cybertechnology priority for their organizations. The study didn't define what that visibility might entail, though.
In general, 79 percent of the study's IT pro respondents had concerns about the security risks associated with remote work. However, the expectation of most (90 percent) was that their organizations would likely continue to support a remote workforce.
The second study, which polled end users themselves, was conducted by PC Matic, a provider of an application whitelist security solutions.
Its "COVID-19: Cybersecurity in the Remote Workforce" study had a large sample of 5,800 individuals, who were located in the United States but were otherwise undescribed. They were polled in February 2021 for this study, but a similar study had been conducted by PC Matic back in 2020.
The 2021 study found that 36 percent of participants were working remotely, down from 42 percent in 2020. It seems that the companies associated with the respondents aren't providing devices for remote work. Just 38.5 percent of respondents were using company-supplied devices, which was about the same as last year's poll figure.
Worse still, 91 percent of respondents said that they lacked having "any type of antivirus solution to use on their device." Just 43 percent of respondents reported using a virtual private network (VPN) connection, with 19 percent saying they didn't know if a VPN was being used.
Just 49 percent of respondents indicated that they had received IT support when transitioning to remote work.
PC Matic concluded its analysis by saying it was disappointing that its study figures remained fairly consistent year over year. "In the best-case scenario, we would have seen security increase and many of these numbers go down," the report stated.
Healthy IT practices to support remote work would have been to not allow the use of personal devices for work, the report indicated. It also advised the use of security software and VPNs, plus the tapping of managed security provider support for those organizations lacking IT personnel and expertise.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.