A recent survey conducted by OpenVPN highlights the potential cybersecurity risks posed by remote workers.
OpenVPN is a virtual private network solution provider that allows businesses to extend their VPNs securely. They surveyed 250 IT leaders, “from the manager level through the C-suite”, to ascertain whether allowing employees to work remotely posed a risk to the organisation’s cybersecurity and whether the benefits of allowing the employees to work remotely outweighed the risks.
Many studies have shown that allowing employees to work remotely has a myriad of benefits, such as improvements in morale and productivity, better family lives for employees, and overall improvements in efficiency and employee welfare. It also reduces overhead costs for organisations. However, relatively few investigations have been conducted into the potential risks involved in employees working away from the central office.
Ninety per cent of respondents stated that they believed remote workers posed a security risk. Over half (54%) stated that they regarded remote workers to be a higher risk to cybersecurity than on-site workers. Upper management seems particularly concerned with the risk posed by off-site workers; 73% of VPs and C-suite executives believed that remote workers posed a higher risk than onsite employees.
These concerns about the risks posed by off-site workers appear to be legitimate; 36% of businesses surveyed had experienced a breach due to an ‘unsecured remote worker’.
Despite this apparent threat to an organisation’s security, 92% of those surveyed stated that they believed the risks outweigh the benefits experienced by allowing employees to work remotely.
Several key issues must be overcome to mitigate the risks of cybersecurity incidents caused by remote workers. For example, many remote workers use personal devices to access the network, which lack the same level of protections the organisation’s own devices. Remote workers connecting to unsecured Wi-Fi networks was also a significant risk.
There is an increasing trend in the number of employees electing to work remotely for at least some part of their working week. A recent study indicates that 3.2% of Americans (4.3 million workers) work at least half of the week.
“The modern work trend offers many benefits to organizations, such as greater access to talent and increased employee engagement. But it also creates unique security challenges — which organizations across the board aren’t yet equipped to handle,” said OpenVPN. “Remote work’s rise isn’t slowing for anyone, so organizations must prioritize the refining of their policies sooner rather than later.”
OpenVPN also asked the IT leaders about their remote working security policies. Remote workers are required to use VPNs by 74% of organisations, and a further 69% requires personal data to be encrypted. However, despite the risks posed by the use of personal devices, only 38% of organisations prohibit ‘bring your own device’. Just two-thirds of organisations require their remote workers to undertake security training. Password managers are used by 56% of organisations.
While the vast majority of organisations (90%) require all remote workers to take part in security awareness training, a fifth of organisations provide that training more than twice a year. A further 30% firms provide training twice annually, 8% only require employees to undertake training when they join the organisation, and 11% ‘have an e-learning platform offering courses for employees to take as they desire’.
The report recommends ‘formalising a detailed remote worker security policy’ and enforcing it strictly; 49% of respondents responded that, even though they had remote working policies in place, they only ‘somewhat agreed’ that their remote workers were following those policies.