April 29, 2021
Over a third of IT leaders state their remote workers have knowingly put corporate data at risk
More than a third (35 percent) of UK IT decision makers admitted that their remote workers have already knowingly put corporate data at risk of a breach in the last year according to an annual survey – conducted by Apricorn. This is concerning given that over one in ten surveyed IT decision makers also noted that they either have no control over where company data goes or where it is stored (15 percent) and their technology does not support secure mobile/remote working (12 percent).
Additionally, more than half (58 percent) still believe that remote workers will expose their organisation to the risk of a data breach. This figure has risen steadily year on year from 44 percent in 2018, yet despite the pandemic, the number of organisations expecting their remote workers to put them at risk of a data breach in 2021 has remained level. This suggests that organisations could have increased their security processes for remote workers, or are simply putting more trust in their employees, as highlighted in another recent global survey from Apricorn.
Furthermore, over a quarter (26 percent) of organisations noted that their remote workers don’t care about security. Whilst this figure has dropped from 34 percent last year, phishing (37 percent), employee negligence (27 percent), remote workers (15 percent) and third parties (13 percent) are still big avenues for attack and actionable cause of a breach.
The lines between business and home, professional and personal, are now indistinct, which could explain why phishing was also ranked by over a third of organisations as being one of the main causes for a breach, almost doubling since 2020 (20 percent). Additionally, this year’s survey included ransomware as an option for possible cause for breach and ranked as the fourth biggest threat, with 17 percent citing this as a concern, highlighting the growing trend, and fear of ransomware attacks.
[perfectpullquote align=”right” bordertop=”false” cite=”” link=”” color=”” class=”” size=””]”Businesses have been caught off guard and were ill prepared to secure a full remote workforce.”[/perfectpullquote]
Jon Fielding, Managing Director EMEA, Apricorn, said, “This past year has been like no other. Though most organisations already had some remote working in place, the speed with which businesses had to respond to the pandemic, meant security took a back seat with quick fixes and speed of roll-out taking precedence. Unfortunately, this has increased risk along with a drop in security being front of mind as employees settled into home based work.”
Despite 100 percent of surveyed organisations having remote workers, over 65 percent admitted that their mobile/remote workers are willing to comply with security measures, but don’t have the necessary skills or technology to keep data safe. This has increased year on year from 54 percent in 2019 and 63 percent in 2020, again highlighting that, with organisations forced into supporting remote working, many may have been driven into making quick fixes, with temporary tools, processes and policies underpinning them.
“Businesses have been caught off guard and were ill prepared to secure a full remote workforce. For many companies it was a case of flipping a switch to allow access, rather than ensuring they have the necessary tools and security in place to secure that access. Whilst employees are now beginning to recognise their role in compliance and security, organisations are not equipping them with the technology to remain safe and compliant” added Fielding.
Unsurprisingly, when it comes to the challenges associated with implementing a cyber security plan for remote/mobile working, 35 percent of organisations cited the complexity and management of all the technology employees need and use for mobile/remote working as one of their top three problems. This is almost double last years’ figure (19 percent) and ranked second after ensuring data is adequately secured (39 percent).
GDPR compliance was the third biggest concern with 32 percent of organisations highlighting that mobile/remote working makes it harder to comply with GDPR, compared with just 16 percent in 2020, suggesting that compliance is sitting much higher on the agenda now more employees are working remotely.
Image by Stefan Coders