Cyber security concerns during COVID-19 remote working
Forty eight percent of office workers have admitted they are less likely to follow cyber security practices when working from home, according to new research from Tessian, the Human Layer Security company. The State of Data Loss Prevention report reveals findings from a global survey of 2,000 office workers and 250 IT decision-makers in the UK and the US.
The research shows that 52% of office workers feel they can get away with riskier behaviour when working from home, such as sharing confidential files via email and using personal devices to conduct company business.
The top reasons for not following safe data practices included not working on their usual devices (50%), not being watched by IT (48%), and being distracted (47%).
Additionally, over half (51%) of office workers say they feel their company’s security policies impede their productivity. A further 54% of staffers admitted to finding a workaround for security policies that stop them from getting their jobs done; suggesting that employees place efficiency and ease-of-access, above the safety and protection of data. When asked about security practices, 58% of office workers say information is less secure when working from home but, at the same time, 78% of office workers say their company ‘completely’ or ‘somewhat’ trusts them to stay secure when working remotely.
In addition to this, the survey reveals 84% of global IT leaders say that data loss prevention is more challenging when a workforce is working remotely. Data loss over email is particularly challenging for IT leaders to control, due to lack of visibility of the threat. Tessian found that:
- IT leaders in organisations with over 1,000 employees estimate that just 720 emails are sent to unauthorized accounts a year. The reality, according to Tessian’s own data, is at least 27,500 unauthorized emails are sent a year — 38x more than IT leaders estimate.
- They also estimate that 480 emails are sent to the wrong person every year. Yet, Tessian data reveals that employees send at least 800 misdirected emails per year —1.6x more than IT leaders estimate.
Tim Sadler, CEO, Tessian commented:“The COVID-19 crisis has triggered a tidal wave of challenges for businesses. Whilst they adapted fast to the abrupt shift towards remote working, the challenge businesses now face is keeping data secure from risky employee behaviour as working from home becomes the norm.
“Our research shows that people will cut corners on security best practices when working remotely and find workarounds if security policies disrupt their productivity in these new working conditions. But, all it takes is one misdirected email, incorrectly stored data file, or weak password, before a business faces a severe data breach that results in the wrath of regulations and financial turmoil. During this time, protecting people has to be all businesses’ top priority. IT decision makers, therefore, must establish clear guidelines on security best practices, enabling all staff to work efficiently and safely when away from the office.”