Robust defenses may have been implemented to protect networks from cyberattacks, but the same level of protection is not always applied for remote workers.
Allowing employees to work remotely may improve staff morale and can even lead to an increase in productivity, but it also introduces risk. Those risks have been made clear by a recent survey conducted by the virtual private network solution provider OpenVPN.
The study was conducted on 250 IT managers and IT leaders, 92% of whom believed the benefits of allowing workers to access the network remotely more than outweigh the risks, although 90% of respondents did agree that remote workers posed a security risk to the organization. 54% said remote workers were a greater security risk than on-site workers.
The survey revealed the risks are not just theoretical. More than one in three organizations (36%) have experienced a security breach because of the actions of remote workers.
The most common risks are the use of personal devices to access the network, which lack the same level of protections as devices that have been provided by the organization. Remote workers connecting to unsecured Wi-Fi networks was also a major risk.
More employees are spending at least some of their week working remotely. 3.2% of Americans – 4.3 million workers – work at least half of the week remotely and the percentage is growing rapidly. “The modern work trend offers many benefits to organizations, such as greater access to talent and increased employee engagement. But it also creates unique security challenges — which organizations across the board aren’t yet equipped to handle,” said OpenVPN. “Remote work’s rise isn’t slowing for anyone, so organizations must prioritize the refining of their policies sooner rather than later.”
Organizations are taking steps to improve security for remote workers, which include developing and implementing a security policy specifically for remote workers (93% of organizations), requiring workers to use hardware tokens or a VPN (74% of organizations), and the use of encryption for sensitive data (69% of organizations). Password managers are used by 56% of organizations and 38% have a policy that prevents the use of personal laptops for work purposes.
Nine out of 10 organizations require all remote workers to take part in security awareness training but only 2 out of 10 organizations provide that training more than twice a year. 3 out of 10 firms provide training twice annually.
Another area of concern is the failure to update security policies for remote workers. Almost a quarter of firms have not updated their policy in the past 12 months.
Even though policies are put in place for remote workers, 44% of respondents only somewhat agreed that their remote workers were following those policies.