sb-nz logo
Story image

Remote workers need to up their game to keep organisations secure

Habits of individuals in a workplace may be impacting the security of the overall business, according to a new study published by CyberArk that looks at the current state of security in today's expanded remote work environment.

According to the study, employees' habits, including password re-use and letting family members use corporate devices, are putting critical business systems and sensitive data at risk.

Furthermore, the survey found that 60% of remote employees are using unmanaged, insecure BYOD devices to access corporate systems. In addition, 57% of employees have adopted communication and collaboration tools such as Zoom and Microsoft Teams, which have been the focus of highly publicised security flaws.

CyberArk’s study also found that the risks to corporate security become even higher when it comes to working parents.

The company states this group has become responsible for many moving parts, including teaching and caring for children at home while also working, and as such understandably have given convenience precedence over following good cybersecurity practices.

Of this group, 57% insecurely save passwords in browsers on their corporate devices, 89% reuse passwords across applications and devices, and 21% admitted that they allow other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping.

CyberArk posed the question, are current cyber security policies enough? The study found that while 91% of IT Teams are confident in their ability to secure the new remote workforce, more than half (57%) have not increased their security protocols despite the significant change in the way employees connect to corporate systems and the addition of new productivity applications.

The researchers state that the rush to onboard new applications and services that enable remote work, combined with insecure connections and dangerous security practices of employees, has widened the attack surface and security strategies need to be updated to match this new dynamic threat landscape.

This is especially true when it comes to securing privileged credentials of remote workers, which if compromised could open the door to an organisation's critical systems and resources.

CyberArk SVP EMEA Rich Turner says, “Major socio-economic events have always led to a sharp uptake in cyber incidents. The WHO has warned of an exponential increase in attacks due to the global and unprecedented nature of the ongoing health crisis, and its transformative impact on the way we work.

“With the accelerated use of collaboration tools and home networks for professional purposes, best-practice security is struggling to keep pace with the need for convenience which, in turn, is leaving businesses vulnerable.”

Turner states, responsibility for security needs to be split between employees and employers. For employees, this means constantly updating and never re-using passwords, verifying that the operating system and application software they use are up to date, and ensuring all work and communication is conducted only on approved devices, applications and collaboration tools.

Simultaneously, businesses must constantly review their security policies to ensure employees only have access to the critical data and systems they need to do their work, and no more. Decreasing exposure is critical in the context of an expanded attack surface.

The CyberArk Remote Work survey was conducted in late April 2020 by an independent research agency. The study included responses from 300 remote office workers and 300 IT professionals in the United Kingdom.

Story image
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
Story image
Hackers in your bedroom: Hackers targeting smart sex toys
A group of researchers reported vulnerabilities in an internet-enabled male chastity cage. More
Story image
Microsoft top targeted brand by cyber criminals in Q4 2020
In Q4, 43% of all brand phishing attempts related to Microsoft (up from 19% in Q3), as threat actors continued to try to capitalise on people working remotely during the COVID-19 pandemic’s second wave. More
Story image
CompTIA forms Cybersecurity Advisory Council, led by 16 security execs
The new body will be co-chaired by Tech Data director of security solutions Tracy Holtz, and Alvaka Networks chief operating officer and chief information security officer Kevin McDonald.More
Story image
Palo Alto Networks advances attack surface management with Expanse
"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organisation's attack surface with an inside view to proactively address all security threats."More
Story image
Top security threats for 2021
2021 will see several themes develop into full blown security threats, many of them borne from the struggles of pandemic-stricken 2020, writes Wontok head of technology Mick Esber.More