Remote workers more aware of security, but still flout the rule

Published: 

Almost three-quarters (approximately 72%) of people forced to work remotely, is this the end of an era? Through the last four months Covid-19 coronavirus pandemic, people believe they are now more conscious of their organisational cyber security policies than they were before. But they are still happy to break the rules if expedient, according to a Trend Micro study distilled from interviews conducted with more than 13,000 remote workers in 27 different countries. 

At risk from within

Against the backdrop of a complex and growing cyber threat landscape, we now have an added threat of remote working (Work Anywhere). Where businesses now assume their IT security will become compromised, or do they turn the other way? businesses are also waking up to the fact that one of the biggest chinks in their armour against cyberattack is their own employees. In fact, they are now the last line of defence, with their unknown actions or knowledge to spot threats is putting the business data (crown jewels) at serious risk.

The fear of you people putting the business at risk can be clearly identified as the top three fear are all related to the human factor and employee behaviour or upset employees. The table below shows that businesses are aware of how easy it is for employee/human error to impact their company’s security. They worry most about employees sharing inappropriate data via mobile devices (47%), the physical loss of mobile devices exposing their company to risk (46%) and the use of inappropriate IT resources by employees (44%).

                                                                                             Source: IT Security Risks Survey 2019, global data 

Careless or uninformed staff, for example, are the second most likely cause of a serious security breach, second only to malware.


Hide and seek

When security incidents happen at a business, it’s important that employees are on hand to either spot the breach or mitigate the risks. After all, while employees can pose a risk to companies (as seen in our findings thus far), they also have an important role to play in helping you to protect the business.

However, employees don’t always take action when their company is hit by a security incident. In fact, employees often hide or are unaware of an incident when it happens.

Hiding an incident may lead to dramatic consequences, increasing the damage caused. Now often we see breaches that do not impact the business until months after, as the attacker is building a profile and schedule of actions undertaken within your business. This then means when they do strike the can mimic persona, schedule and finance amounts not uncommon within the workplace, which equals more success for them and more pain for you. 


Proactive Measures:

Now that we have seen and identified the risk an employee can have, what proactive measures can we take?

Employee Front Line Measures:

  • Online email training to identify threats – with targeted emails aligned to training videos depending on actions taken, with 360 reporting,
  • Knowledge on Good Password Practices – Discussed within a recent article here
  • Are they aware of how to report a breach and what priority this should have within the business? Do you have a security breach procedure that everyone can easily utilise?

System:

  • Complete a risk assessment to see where you are now (template available) – if you do not identify where you are now, you do not know where you should go.
  • Setup systems with access required to do their specific role only, not full access to whole shared data – this reduces the impact if there account is breached. as the attacker has the minimum access they have once on the system.
  • Introduce a Password Manager, learn more here
  • Managed Anti-Virus and Web filtering/protection
  • Managed Proactive Windows patch management
  • Team communication solution like Microsoft Teams setup for your needs – Meaning you have security control of all communication within the business and not allowing this to go over other well known messaging applications.

What next?

If you’re looking for a new partner or would like some advice please do get in touch here or give us a call on 01942 835912

Discover more about our North West-based IT support services

Want to learn more about what the right support looks like? join us on a web conference call

Ready to switch to an IT Service Provider who puts your business needs first?

FOCUS TECH INSIDER
Related Insights

What is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is a way for cybercriminals to send emails under false pretences – which makes it seem like they’re coming from a trustworthy source. Phishing attempts or social engineering tactics could lead to someone’s email being compromised – at which point the attacker might make requests for things such as fraudulent wire […]

Read More

Do you still save passwords in your browser? Here are some of the reasons why you should consider using a password manager…

We understand that saving passwords to the browser is easy. It allows you to save passwords that you would otherwise forget, and it’s convenient because it automatically saves the passwords and fills them in for you. While this is convenient and makes life easier, it is not secure. Never use your browser’s password manager Microsoft […]

Read More

The Security Problem of John's 'Other' Laptop

A guide on how to keep your business’s data ultra-safe during the Work From Home revolution.

Read More

What our clients say

Sign up today to be the first to receive Focus Tech Insider and Insights from FTS

Be the first to see FTS Insights