Research commissioned by Microsoft Ireland and conducted by Amárach reveals;
Remote workers’ security practices:
· Over one in four (26%) remote workers have experienced a cyber-attack personally.
· A quarter of remote workers worry about the security of confidential or sensitive data that they share with colleagues.
· One in five employees feel their data is more vulnerable when working from home in the absence of normal IT supports.
· 30% still use personal emails to share confidential work materials.
Employer’s security practices:
· 36% of employers moved to a remote environment quickly and are retrofitting security, privacy and workplace procedures.
· 45% of employers have asked their employees to use their personal devices for work since the start of the pandemic with 42% of employers yet to secure these.
· Nearly a third of remote employees have unrestricted access to sensitive documents and information.
· 41% finding it difficult to remain GDPR compliant because of the pandemic
· 57% of remote workers say their attitude towards the use of cloud-based services has positively changed since the start of the pandemic.
· Organisation’s future digital investment to focus on equipping, upskilling and protecting remote workers.
November, 19th, 2020: New research commissioned by Microsoft Ireland reveals that just over one in four (26%) remote workers have experienced a cyber-attack personally, while 45% of employers have asked their employees to use their personal devices for work since the start of the pandemic.
Conducted by Amárach Research, the study surveyed 500 employees and 200 business decision makers in September 2020 about remote working, digital security behaviours, and the concerns they now face.
This follows on from Microsoft research earlier this year which looked at cyber threats to public and private organisations. It also updates previous studies conducted by Microsoft in 2018 and 2019, but with an additional focus on the security impact of Covid-19 work-related practises now and in future. That research showed that nearly a quarter of organisations employing over 500 staff did not put any restrictions on employees access when working from home. However, in similar research in 2019, nearly half (49%) of those working from home at least once a week used their personal email account for saving, editing, sending, or sharing work-related documents - 24% reveal that they accidentally shared work-related material with friends and family.
The accelerated transition to homeworking is placing pressure on organisations to support the unavoidable blending of personal and professional lives more than ever before. However, this naturally creates new risks, including the increased risk of cyber-attacks. This was reflected in the research which showed that only 17% of remote workers currently believe that the software and technology provided has done enough to protect their data.
This could be in some way due to the pace at which employers had to transition to remote working environments, with 36% of employers admitting they have spent the past few months putting in place the security, privacy, and workplace procedures required for today’s remote working world.
Remote Workers’ Information Protection Concerns
76% of workers were surprised with how well they had adapted to remote working. However, one in five employees feel their data is more vulnerable when working from home due to the absence of regular IT supports. In fact, one in five employees feel their data is more vulnerable when working from home in the absence of normal IT supports.
The research points to some potentially dangerous cybersecurity issues amongst remote workers:
· Personal emails: 30% of workers still use personal email accounts to share confidential work materials.
· Poor Password Hygiene: One third of workers use the same password to log into work and personal devices.
· Unregulated access: Nearly half (43%) face/navigate no security restrictions when accessing work-related documents and materials remotely.
Employers’ Security Management Concerns
One of the most concerning findings is that organisations are potentially side-stepping their own security procedures in the name of expediency:
· Reactive approach: One third of employers acknowledge they are exposed since they had to make remote-working decisions and transitions so quickly.
· Lack of devices: 45% of employers have had to ask their employees to use their personal devices for work purposes since the start of the pandemic.
· No remote BYOD policies: 42% of employers are yet to secure those remote employee’s personal devices.
Furthermore, 41% of employers acknowledge it has become increasingly difficult to remain GDPR compliant because of the pandemic.
These concerns are borne out in Microsoft’s most recent global Digital Defence Report, published in September 2020. The report identified an escalation in both the level and sophistication of attacks. For example:
· Microsoft blocked over 13bn malicious and suspicious mails, out of which more than 1bn were URLs set up for the explicit purpose of phishing credential attacks in 2019.
· Ransomware is the most common reason behind Microsoft’s incident response engagements from October 2019 through July 2020.
· The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware, and virtual private network (VPN) exploits.
· Internet of Things (IoT) threats are constantly expanding and evolving. The first half of 2020 saw an approximate 35% increase in total attack volume compared to the second half of 2019.
Des Ryan, Solutions Director for Microsoft Ireland, said: “Cyber hackers are opportunistic, skilled, and relentless. They have become adept at evolving their techniques to increase success rates, whether by experimenting with different phishing lures, adjusting the types of attacks they execute or finding new ways to hide their work. While our physical work locations may have changed, our responsibilities in protecting organisational data and complying to data regulations have not. Now is the time to address this with an increased investment in cybersecurity, secure devices, tighter policies, increased support, and education for employees so they can play an important role in not only protecting themselves but also their organisations.”
Cloud-based Services and hybrid working
When asked about the future, 58% believe they will have a ‘hybrid workforce’ in future as more staff work from home more of the time and others are in the office. Over half (57%) felt more positive about using cloud-based services, including productivity tools.
Remote Priorities: training, support and investment
However, the research shows that Irish organisations understand there is a gap with 41% admitting they are behind the curve when it comes to having the right digital services and technologies in place to deal with new working realities.
As a result of the move to remote working, employers are focused on investment in digital security. The research found:
· 38% of organisations have already increased the level and detail of cybersecurity training for staff who are working from home.
· A further 52% will prioritise investing in training in 2021.
· 44% of workers would also welcome alternatives to passwords, with biometric verification (fingerprint or facial recognition) being the most popular options.
Andy Hillis, Vice President & Group Head of Information System, Almac Group commented, “We are all too aware of the growing threat from sophisticated cyber-attacks, information loss and fraud, and a strong cyber-security stance is a key defence against such cyber-related incidents. Almac Group is at the forefront of the development, manufacturing, testing and distribution of essential medicines to vulnerable patients across the globe and therefore we cannot risk having our operations disrupted in any way. My global team and I work tirelessly to protect the confidentiality, availability and integrity of our data, network, assets and employees and protect against the unauthorised exploitation of systems and technologies. The implementation of Microsoft Defender Advanced Threat Protection across Almac has proven to be an essential defensive control and mitigation measure to effectively reduce the impact of risk to our organisation.”