Poor password hygiene and use of personal devices are among the security issues arising as employees continue to work from home.
Transitioning to a remote working world hasn’t been easy, particularly when it comes to information security. That’s the subject of a new report from Microsoft, which highlights some of the cybersecurity challenges employees and companies have been facing.
It’s based on research carried out by Microsoft Ireland and Amárach among 500 employees and 200 decision makers in September 2020.
More than a quarter (26pc) of remote workers said they had experienced a cyberattack personally. A similar number expressed concerns about the security of confidential data that they share with colleagues, and one-fifth said their data is more vulnerable while working from home. Almost one-third, however, still use personal emails to share confidential work materials.
One-third of employees said they use the same password to log into both work and personal devices, and 43pc have unregulated access to work documents from their homes.
On the employer side, 36pc said they had pivoted to a remote setting quickly earlier this year and are only retrofitting security, privacy and workplace procedures now. Almost half (45pc) have asked their staff to use personal devices for work since the pandemic started, and 42pc have yet to secure those devices.
Additionally, 41pc of the companies surveyed said they are having difficulties remaining GDPR-compliant because of Covid-related work changes.
Remote cybersecurity responsibilities
“Cyberhackers are opportunistic, skilled and relentless,” said Des Ryan, Microsoft Ireland’s solutions director. “They have become adept at evolving their techniques to increase success rates, whether by experimenting with different phishing lures, adjusting the types of attacks they execute or finding new ways to hide their work.”
Microsoft said that it blocked more than 13bn malicious and suspicious emails globally in 2019. The most common reason for incident responses between October 2019 and July 2020 was ransomware. Popular ploys used by attackers included reconnaissance, credential harvesting, malware and VPN exploits.
“While our physical work locations may have changed, our responsibilities in protecting organisational data and complying to data regulations have not,” Ryan added.
“Now is the time to address this with an increased investment in cybersecurity, secure devices, tighter policies, increased support and education for employees so they can play an important role in not only protecting themselves, but also their organisations.”
Paving the way for a more secure hybrid future
Microsoft also touched on future workplace trends in its report. Of the people surveyed, 58pc said that a hybrid workforce is on the cards. This is in line with another recent Microsoft Ireland report, in which almost half of respondents said they see their employees working remotely in future.
In the new cybersecurity report, 57pc said they feel more confident about using cloud-based services such as productivity tools while working from home. But 41pc of employers said that Ireland is lacking in terms of digital services and technologies for new ways of working.
To mitigate the cybersecurity risks associated with continued remote working, 38pc have already begun to increase training for employees and a further 52pc said they will prioritise this next year.
Given the poor password hygiene among many workers, 44pc of them said they would be open to password alternatives such as biometric verification.