March 23, 2020
The percentage of employees working from home (WHF) has been steadily increasing in recent years. As organizations increasingly tap into the global workplace and provide more work-life balance there has been a significant increase in the number of remote workers. Since 2007, there has been a 159% rise in remote working in the US — totaling 26 million Americans — and by 2020 it is estimated that 50% of the UK workforce will work remotely. In Australia, over two-thirds (68%) of Australian employers say their company now allows employees to work remotely. WFH is clearly a growing, global trend.
Now, with the outbreak of COVID-19 and the desire to #flattenthecurve, hundreds of thousands, perhaps millions of additional employees are now WFH because companies such as Microsoft, AT&T and Nestle, as well as public organizations such as the Dept. of Commerce and the SEC, have recently asked most of their workers to WFH (and rightfully so).
Despite the health and corporate benefits of working remote, there are serious security risks that come with this trend. If not addressed, these risks could mean negative consequences for companies and their employees including the loss of valuable data and confidential information, as well as creating vulnerabilities that can be exploited by malicious attackers.
Here are the top 3 security concerns organizations should address immediately:
Increase in Accidental Data Loss
We know from previous experience that there is a 78% increase in accidental data loss when employees work from home. This is because users often sacrifice compliance with security policies for usability. For example, many organizations use Microsoft OneDrive or Google Drive for collaborating, storing and sharing confidential business documents. This is normally fairly safe. However, to make access easier for others, users may purposely or accidentally publicly share links to confidential documents or make them searchable by a wider audience than is appropriate. This means that sensitive information and/or intellectual property may be exposed.
Increase in Malware Infections
Organizations can also expect a 60% increase in the number of malware infections for remote users. This is due to the increase in recreational web browsing that is done from corporate devices instead of personal devices. Corporate laptops, for example, that were once kept in the office are now usable all the time, including nights and weekends when personal web browsing and emailing spikes. Further, because many employees that WFH don’t stay connected to the corporate VPN 100% of the time (i.e., they often connect to their corporate network via their VPN to download information, then disconnect to work without the performance hit or other constraints of the corporate VPN), these devices will be connected to relatively unsecured home and public networks a higher percentage of time where phishing attacks are more prevalent and malware more readily available to be mistaking downloaded.
Increase in Unprotected Backups
In order to work as efficiently as possible on their local devices employees that anticipate WFH will often copy large amounts of data to local hard drives or USB tokens. That’s why we’ve seen a 67% increase in the number of unprotected backups in the past when a large number of users WFH. Users realize they can work faster with large amounts of data on their local machine vs. constantly accessing databases through their corporate VPN. And while this might mean faster and easier work for the employee it also means that potentially large amounts of confidential or proprietary data is openly stored on local devices for attackers and malware to access.
The widespread decision organizations have made to allow users to WFH is a great thing – both for business and for humanity during the COVID-19 crisis. However, it must be done safely. If organizations heed this advice, they can ensure that their business runs smoothly and, just like their users, is protected from harm during these trying times.
*** UPDATE: As a result of the recent surge in numbers of remote workers and the corresponding increase in potential security risk, Dtex has created a program to provide extra assistance to customers and select companies that need to rapidly secure remote workers. For more information and to see if your company qualifies, please contact us at firstname.lastname@example.org.