Nearly 75 percent of teleworkers and Work From Home (WFH) employees are without help from their employers on security awareness, guidance or training, a new report of some 6,000 workers worldwide found.
On its own it’s a noteworthy statistic but when combined with the 27 percent of teleworkers who’ve received phishing emails relating to the coronavirus (Covid-19) pandemic but may not know avoid infection, it becomes bit more alarming, security specialist Kaspersky found in its latest report, How COVID-19 changed the way people work.
Accidental downloading of malicious content from attacks such as phishing emails is a root contributor to infected devices and compromised business data, Kaspersky said. That untrained teleworkers not of their own doing may be using online services unapproved by their IT departments such as video conferencing, instant messengers or file storage services, can compound exposure to hacking.
“While employees are trying to get used to the new reality of working from home, IT and cybersecurity teams are under pressure to enable them to continue working safely,” said Andrey Dankevich, senior product marketing manager at Kaspersky. “Cyber-incidents can only add difficulties to this challenge, so it is important to remain vigilant and make sure remote working is also secure working.”
Here are some survey results (based on percentage of employees):
On training.
- 73% of workers have not received any IT security awareness training from their employer since they transitioned to working from home.
- 73% are using the same devices they worked with before Covid-19.
On device use.
- 55% of workers’ employers have provided them with devices to work from home.
- 68% use their personal computer to do work for their employer.
- 50% of companies whose employees conduct work from personal devices lack policies to regulate how they are used.
Online.
- 53% use a VPN when working from home
On vulnerability.
- 27% have received malicious emails that use COVID-19 as the main topic of interest.
- 32% of businesses have provided their staff with antivirus software to use on personal devices for work purposes.
- 86% have antivirus software installed on their personal computers.
- 42% use personal email accounts for work.
On productivity.
- 40% have not seen any changes in productivity since the Covid-19 outbreak began.
- 29% believe they are more productive since the pandemic began.
“There are many factors to be considered, from making sure staff have the right IT hardware to implementing a VPN to keep colleagues connected, and cybersecurity is no exception," Kaspersky said. “Securing large work environments takes a lot of resources and businesses need to consider how corporate devices are used remotely.”
Here are Kaspersky’s 10 recommendations to help businesses secure remote working for their employees:
- Ensure your employees know who to contact if they face an IT or security issue. Pay special attention to employees that have to work from personal devices and provide them with dedicated policy and security recommendations.
- Schedule basic security awareness training for your employees. It can be done online and should cover account and password management, email security, endpoint security and web browsing.
- Take key data protection measures to safeguard corporate data and devices, including switching on password protection, encrypting work devices and ensuring data is backed up.
- Ensure devices, software, applications and services are kept updated with the latest patches.
- Install proven protection software on all endpoints, including mobile devices and ensure that only approved online services are used for work purposes.
- Ensure your router supports and works smoothly when transmitting Wi-Fi to several devices simultaneously.
- Regularly update your router to avoid potential security issues.
- Set up strong passwords for your router and Wi-Fi network.
- If you can, work only on devices provided by your employer.
- Do not share your work account details with anybody else.