Cybersecurity Impact of COVID-19 on Working Environment Explored in Survey

Before the COVID-19 pandemic the majority of businesses permitted a portion of the workforce to dedicate some of the week working from their homes.

Since the advent of the pandemic, however, everything has drastically changed in relation to the workforce. National lockdowns have put companies in a position where they must quickly alter working practices and permit almost 100%  of their staff to work remotely.

When lockdowns were removed, a lot of staff members continued to work from home. The new remote working environment is not thought be the new normal. Remote working has lead to new hurdles that must be tackled, particularly for cybersecurity as it is harder for groups to stop, spot and address cyberattacks when much of the workforce is working remotely.

A recent survey issues to 2,215 IT and IT security workers by the Ponemon Institute on behalf of Keeper Security explores the cybersecurity challenges of teleworking and assesses how firms have adapted cybersecurity practices to address the dangers of teleworking.

One of the main discoveries in the survey is remote working has greatly hampered the effectiveness of organizations’ security posture.  When those questioned were asked about the effectiveness of their security measures and during the pandemic, 71% rated their security defenses as either very or highly effective prior to the pandemic, with only 44% rating their defenses so highly during the pandemic.

The survey found many reasons for the perceived decline in the effectiveness of those security measures. When workers are located on-site, physical security measures are in place to stop the theft of equipment and data. 47% of respondents said the lack of physical security at employees’ homes was a significant worry.

71% of IT professionals were of the opinion that remote workers were endangering their organization in relation to the chances of a data breach occurring, while 57% said remote workers are a prime target for cybercriminals looking to exploit flaws.

Remote workers must be able to use business-critical applications, with 59% of respondents reporting that remote access to those applications grew during the pandemic. On average, groups have 51 business-critical applications and 56% of those applications are being used remotely.

56% of respondents said the time to react to a cyberattack has grown during the pandemic and 42% of respondents said they have no understanding about how to protect against cyberattacks with such a large number of remote workers.

There has been a massive increase in the use of personal devices as a result of the pandemic, and BYOD schemes have reduced groups’ security posture. 67% of respondents said remote workers were using personal devices for work duties during the pandemic, including mobile phones, which are the most susceptible devices.

Intrusion detection systems that were effective with office-located working are far less effective when used for teleworking. 51% of respondents reported an exploit or malware infection that bypassed their intrusion detection systems during the pandemic and 61% said they had suffered a cyberattack during the pandemic, with phishing and social engineering attacks the most common attack vector.

Despite the danger of cyberattacks, 31% of groups said they have not configured multi-factor authentication for remote-based workers, only 43% provide security awareness training addressing the risks of remote working, and only 47% are monitoring their networks 24/7. Less than 50% of those questioned secure company-owned devices with up-to-date anti-virus, device encryption and firewalls. If these security problems are not tackled addressed, groups will come head to head with a far higher risk of experiencing a cyberattack and costly data breach. You can view the complete discoveries of the survey and recommendations here.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas should has data protection and innovations such as telehealth.