cherryandbees - stock.adobe.com
While technology has helped organizations continue operations during the COVID-19 pandemic, a recent study from NordVPN found remote work cybersecurity issues to be concerned about, considering the use of personal devices and unsecured networks.
The survey, which had 5,000 respondents, found that 62% of employees are using personal devices for remote work.
"On a personal endpoint, there is a greater risk," said Chris Sherman, a senior analyst at Forrester Research. "Whenever you're outside of the organization's control, you frankly have very little control as the company IT admin or security admin over these personal devices."
Forty-six percent of employees weren't working remotely prior to the COVID-19 pandemic, according to a recent survey by Kaspersky of 6,017 IT professionals.
"I think there's a lot of folks who weren't used to working from home -- like in government, healthcare, retail and manufacturing [where] there's a little bit more of a learning curve," said John Grady, an analyst at Enterprise Strategy Group. "I think those are industries that are not always issued a corporate machine and have to use their own device."
Seventy-three percent of those surveyed by Kaspersky said they had no special IT awareness training when switching to full-time remote work. The Kaspersky report also found that employees are more comfortable on personal devices and are more likely to download applications that are not work-related, browse unsecure websites and click suspicious links.
"[Employees] have taken past training, so their organization does have some level of awareness training, whether that's kind of introductory or part of onboarding are ongoing -- but they've not had anything specific to COVID," Grady said.
Unsecured network access affecting remote work cybersecurity
The Kaspersky survey also found that just 53% of respondents were using a VPN to access their employer's network while working from home. This means that nearly half were not using a secure access point to handle company content.
"It's more important for you as security admin to take into consideration all of the different IoT devices and all of the consumer devices that may be interacting with whatever laptop or mobile device that employee is using on the same network as those IoT devices," Sherman said. "Many endpoint security vendors offer endpoint security SaaS. The benefit here is you eliminate the hands-on server maintenance by your remote admins, who are also working from home."
Future of remote work cybersecurity
Grady said that although there could be some security risks associated with remote work, he believes more executives will push for more flexible and remote work schedules even after the pandemic.
John GradyAnalyst, Enterprise Strategy Group
"Executives think there'll be more flexibility. I think that's positive because if the IT team is thinking like that, the kind of buzzwords coming out of this are going to be flexibility and agility," Grady said. "That is difficult to scale, and you're kind of locked into it. Everything's going be more cloud focused and that is intuitive."
It also helps companies to prepare for another pandemic or situation where most employees have to go remote. Cloud adoption is seeing more interest because of the uptick in remote work.
"I think over time when people go back into the office, there has to be that contingency plan in place so that if you do have to suddenly shift 80% of your workforce to remote you won't run into that kind of first phase that we went through in the end of March and beginning of April, where you're trying to just get people access to what they need and forgetting about security," Grady said.
NordVPN's study also found that remote workers were spending three hours more online than when working in offices. This brought up the average workday to just shy of 11 hours. The 35.5% increase is just in the U.S., but NordVPN found that the workday had increased for workers internationally as well.