Multiple Studies Find Remote Workers Following Poor Digital Security Protocols

By Naveen Athrappully
Naveen Athrappully
Naveen Athrappully
November 23, 2021 Updated: November 23, 2021

Remote workers are aware of their responsibilities in maintaining digital security while accessing company networks a report has said, adding though that only a fifth are actually aware of sophisticated online threats.

The report by U.S. tech company Unisys says that a lack of understanding of fundamental cybersecurity risks and threats is resulting in remote and hybrid employees engaging in risky behavior that endangers overall company security.

The report found that 39 percent of remote workers are prone to fall for phishing scams, which makes up for 80 percent of online transgressions. About 79 percent are unaware of sophisticated threats like SIM jacking, where the hacker transfers a user’s contact number over to a phone they control.

In the report, about half of the surveyed remote employees based in the United States, Australia, and New Zealand have downloaded or installed software not approved by their IT department, and when something disruptive happens, only 24 percent know the exact company department to report the incident to.

Since the pandemic, many employees have opted to remain at home and work remotely, with 79 percent consenting to be monitored by their employers if allowed to maintain the status quo and work from home.

The Unisys report is one of several outlining security issues brought upon by the increase in remote work due to the pandemic.

Forrester Consulting for U.S. cybersecurity company Tenable Inc. found that 74 percent of all business-impacting cyber attacks were traced back to remote worker-related vulnerabilities.

Remote work exposes companies to more security risks, says the consulting firm’s Sept. 22 report which adds that three factors contribute to this—a lack of monitoring of remote home networks, expansion of the software supply chain, and migrating to the cloud.

The report adds that half of the surveyed remote workers use a personal device that they connect to the company’s network, without adequate precautions, for accessing data and communication.

According to the report, four-fifths of businesses claim that moving business-critical functions to the cloud increases security risks, with 62 percent of business-critical attacks involving cloud infrastructure.

“This study reveals two paths forward—one riddled with unmanaged risk and unrelenting cyberattacks and another that accelerates business productivity and operations in a secure way,” Amit Yoran, CEO of Tenable said in a statement.

Failing Basic Tests

Experts say the first line of defense for an organization is trained employees but many companies do not make security training a priority. When TalentLMS, a training company, teamed up with Kenna Security, a penetration testing firm, in a survey of 1,200 employees on cybersecurity knowledge and ability to identify threats, they discovered that almost 70 percent of employees underwent company training but 61 percent failed a basic test.

The majority of employees who failed the test carried a false sense of security and followed poor practices like plaintext passwords.

In another study conducted by HP Inc. found that of 8,443 office workers and 1,100 IT decision makers, more than two-thirds of them admitted to using the “company laptop” for personal purposes, including giving other household members access to it.

“As the lines between work and home have blurred, security risks have soared and everyday actions such as opening an attachment can have serious consequences,” said Joanna Burkey, HP’s chief information security officer, reported Security Magazine.

As a result of such behavior, remote workers are increasingly being targeted by hackers. There has been a 238 percent increase in global cyberattack volume during the pandemic, according to KuppingerCole, an analyst firm.