Remote working is now a way of life in the UK. Even as many European workers returned to the office during summer, UK employees were a notable outlier in staying away. The future is also increasingly remote: a recent study by the British Council for Offices revealed that once government measures allow, organisations will increasingly move to a flexible mix of home and office-based work. As Trend Micro research has shown, this all has major implications for cyber risk.
To navigate these increasingly challenging business conditions, IT leaders will need to blend personalised user training with updated security policies and enhanced tooling.
What we found
Our Head in the Clouds research is distilled from interviews with over 13,000 remote workers in 27 countries. It reveals that, although most claim to be more security-aware since government lockdowns forced them to work from home (WFH), the reality is very different.
Thus, 72% feel “more conscious” of cybersecurity policies today, 85% say they take IT instructions seriously, and 81% agree that security is partly their responsibility. However, on the flip side, over half (56%) admit using non-work apps on their corporate device, and even more (66%) have uploaded company data to it. A sizeable minority (39%) “often” or “always” access corporate data from a personal device.
They may not realise it, but these employees are putting their company and its data at risk by doing so. Unsanctioned apps could contain information-stealing malware or even ransomware, especially if downloaded from unofficial app stores. There’s also a “shadow IT” problem with uploading data to unapproved apps, in that the IT department is then unable to secure or manage it. This could break corporate policy and land the company in hot water with regulators. Personal devices may be less well secured than corporate equivalents and therefore represent a potential infection risk if connected to work networks and data.
What happens next?
The good news is there are things you can do today to mitigate these risks. It starts by understanding that not all employees are the same. User training and awareness programmes should therefore be tailored according to their personality types and not reduced to a “one-size-fits-all” approach. Dr Linda Kaye, a Cyberpsychology Academic at Edge Hill University, has identified four separate personas which could help inform these initiatives.
Next up, if you haven’t already, it’s time to update security policies for the “new normal” of mass remote working. That means restricting use of applications and devices to only those approved by IT, according to your organisation’s risk appetite. It’s vital not only to update these policies but also to communicate them, ensuring staff know the repercussions if they break the rules.
The final piece of the puzzle is technology. You may want to roll out corporate devices to all remote workers, featuring strong anti-malware and other protections pre-installed. Or use cloud-based tools to remotely patch and secure home devices and PCs dedicated for work use. Increasingly, organisations are switching from VPN to cloud-based security as it’s lighter weight, easier to manage and more streamlined. In this case, consider a zero trust model featuring multi-factor authentication for each user to minimise the risk of breaches.
These are challenging times, but those organisations who manage the shift to secure remote working most effectively will be best placed for success when the pandemic recedes.