Putting corporate data at risk

​

Over a third of IT leaders state their remote workers have knowingly put corporate data at risk of a breach in the last year according to an annual survey – conducted between 12 and 18 March 2021 by Apricorn (https://apricorn.com), the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives.  This is concerning given that over one in ten surveyed IT decision makers also noted that they either have no control over where company data goes or where it is stored (15%) and their technology does not support secure mobile/remote working (12%).  

“This past year has been like no other.  Though most organizations already had some remote working in place, the speed with which businesses had to respond to the pandemic, meant security took a back seat with quick fixes and speed of roll-out taking precedence.  Unfortunately, this has increased risk along with a drop in security being front of mind as employees settled into home based work,” says Jon Fielding, Managing Director EMEA, Apricorn.

“Businesses have been caught off guard and were ill prepared to secure a full remote workforce.  For many companies it was a case of flipping a switch to allow access, rather than ensuring they have the necessary tools and security in place to secure that access.  Whilst employees are now beginning to recognize their role in compliance and security, organizations are not equipping them with the technology to remain safe and compliant.”

Additionally, the Apricorn survey reveals that more than half (58%) still believe that remote workers will expose their organization to the risk of a data breach moving forward.  This figure has risen steadily year-on-year from 44% in 2018, yet despite the pandemic, the number of organisations expecting their remote workers to put them at risk of a data breach in 2021 has remained level.  This suggests that organizations could have increased their security processes for remote workers, or are simply putting more trust in their employees, as highlighted in another recent global survey from Apricorn,  the 2021 Apricorn Global IT Security Survey (https://apricorn.com/2021-apricorn-global-it-security-survey/) see also our news report (www.itceoscfos.com/apricorn-it-survey)
 
Furthermore, over a quarter (26%) of organizations noted that their remote workers don’t care about security.  Whilst this figure has dropped from 34% last year, phishing (37%), employee negligence (27%), remote workers (15%) and third parties (13%) are still big avenues for attack and actionable cause of a breach.

“The lines between business and home, professional and personal, are now indistinct, which could explain why phishing was also ranked by over a third of organizations as being one of the main causes for a breach, almost doubling since 2020 (20%),” continues Fielding.  “This year’s survey also included ransomware as an option for possible cause for breach and ranked as the fourth biggest threat, with 17% of respondents citing this as a concern, highlighting the growing trend, and fear of ransomware attacks.”
 
Despite 100% of surveyed organizations having remote workers, over 65% admitted that their mobile/remote workers are willing to comply with security measures, but don’t have the necessary skills or technology to keep data safe.  This has increased year-on-year from 54% in 2019 and 63% in 2020, again highlighting that, with organizations forced into supporting remote working, many may have been driven into making quick fixes, with temporary tools, processes and policies underpinning them.
 
 
Unsurprisingly, when it comes to the challenges associated with implementing a cyber security plan for remote/mobile working, 35% of organizations cited the complexity and management of all the technology employees need and use for mobile/remote working as one of their top three problems. This is almost double last years’ figure (19%) and ranked second after ensuring data is adequately secured (39%).  GDPR compliance was the third biggest concern with 32% of organizations highlighting that mobile/remote working makes it harder to comply with GDPR, compared with just 16% in 2020, suggesting that compliance is sitting much higher on the agenda now more employees are working remotely.
 
That said, when asked if their organization have an information security strategy/policy that covers employees’ use of their own IT equipment for mobile/remote working, 88% confirmed they have a strategy in place.  Of those, 30% only allow corporate IT provisioned devices, of which 22% have security measures in place to enforce this with end point control.
 
“Secure endpoint controls will protect data and systems wherever employees are working, and on whatever device, so organizations have complete confidence in the integrity of its information.  Implementing the necessary technologies, digital tools, and procedures for mitigating the threats associated with remote working, need not be complex.  Endpoint security and education are critical to the process, and are as simple a solution to security as washing your hands is to the pandemic,”  continues Fielding.

“It may seem like a daunting task, but if organisations can address these alongside security best practice, whilst remedying any quick fix solutions, the future and security of remote working should be straightforward.”