Worldwide, social distancing has affected the day-to-day activities of nearly every person. In many cases, that means working from home.
Social distancing will save countless lives by helping the nation slow the spread of COVID-19. With more employees now working from home, however, security vulnerabilities and the risk of cybercrime have both increased.
To better understand the changes remote workers are facing, G2 surveyed more than 650 individuals working remotely: some in response to the novel coronavirus pandemic, others who always worked remotely. The statistics regarding the lack of security measures in place for rapidly growing remote workforces are staggering and should motivate decision-makers to prioritize security above many other aspects of their business.
Remote security statistics were already abysmal
About half of individuals working remotely prior to February 2020 reported using a virtual private network (VPN). Barely one in four remote workers were required to use any level of multi-factor authentication to access business information remotely. And just over 8% said there were no additional security measures in place for remote workers.
|Related: How to Strengthen Remote Workforce Security During Crises →|
Companies allowing remote workers to access business-critical systems remotely, without a VPN, are leaving their employees’ online activity unencrypted and visible to even the most novice hackers. Without file-sharing restrictions in place, organizations leave sensitive information at risk of easily slipping out of a business network and into the hands of cybercriminals, competitors, and anyone else that should not have access to it. (A data loss prevention (DLP) solution can help prevent data leaking out of your organization.)
Regardless of role or industry, all employees at all companies should have some level of security awareness training. Phishing, the biggest online threat facing businesses today, was reported by 79% of companies in 2019. Employees, including C-suite executives, should be trained continuously on how to identify phishing attacks and understand the enormous risks they pose.
And if these numbers aren’t scary enough, many of them—aside from VPN usage and remote-access restrictions—only get worse for those working from home in response to the pandemic.
The new wave of remote workers remain unsecured
The COVID-19 pandemic and the resulting shift to a largely remote workforce have exposed a number of vulnerabilities within business processes, including the number of technologies in place to protect information accessed by remote workers. Companies must act quickly if they want to have any chance of preventing a major cyberattack or data loss incident.
For individuals who worked remotely prior to the COVID-19 outbreak, almost all security technologies were used more frequently than those who have transitioned to remote work since the pandemic began. Still, the numbers representing remote work security tool usage depict a consistently vulnerable and rapidly growing remote workforce.
Usage statistics of file-sharing restrictions, security training, and multi-factor authentication are lower for those new remote workers. The most interesting and terrifying statistic with this new group was the number of individuals using none of the solutions described.
43% of new remote workers reported using no security technologies at all. That's 438% more than the number of remote workers prior to changes resulting from COVID-19. Combined, 34% of all remote workers said they don’t use any of the security tools mentioned in the survey.
Hackers dream of a world where the majority of small businesses aren’t encrypting their online activity; where fewer than one in three remote workers even have security training.
With about two-thirds of respondents as newly remote workers depicting a rapid increase in unprotected workers and only a slight increase of security mechanisms to protect them, we’ve chummed the waters and lured attackers into our homes.
Remote application usage increasing rapidly
Social distancing, as a response to the coronavirus pandemic, has drastically increased the global remote workforce while security efforts struggle to catch up. Making matters worse, employees using these unsecured endpoints like laptops and mobile phones—along with questionable home networks—are increasing their usage of business applications like internal communication, team collaboration, and video conferencing software.
In other words: The pool of remote workers (users) has increased, along with the number of applications they use, while the number of security measures in place for remote workers has only increased slightly.
This is a recipe for disaster in the form of data breaches, data loss, regulatory fines, and harm to brand reputation.
And what's more, information security was the third-lowest concern on the minds of the workers surveyed. When asked to rate their biggest concerns, remote workers said work-life balance, maintaining human contact, staying productive, maintaining internet connectivity, and managing projects were all more concerning than business information security.
Luckily, many long-time remote workers and new remote workers both showed some increased usage for every security technology.
This mindset is understandable—the rapid change can have significant impacts on a worker’s emotional and professional well-being—but tragic on multiple levels, and many aspects of remote work will likely get worse before they get better unless businesses rapidly adopt new security measures to protect the ballooning remote workforce.
Historically, small businesses are the biggest targets and the least secure
Small businesses have always been the biggest targets for cyberattacks because they have valuable data and weak security measures in place. Today, 43% of breaches involve small businesses, according to Verizon’s 2019 Data Breach Investigations Report. Small businesses have fewer security tools and skilled staff to help them protect themselves, but still have a ton of information valuable to online criminals.
On top of that, small businesses are currently having the toughest time adapting their technology stacks to secure both themselves and their employees in the wake of an increased remote workforce, largely because they have the most ground to make up.
While more than two-thirds of respondents from enterprise companies (more than 1,000 employees) reported using a VPN, just 36% of remote small-business employees reported using one. However, that number is up significantly since the pandemic, with 54% of the newly remote small-business workforce using a VPN.
Enterprise businesses are still vulnerable, however. While the number of small-business employees using a VPN rose nearly 20 percentage points, after working remotely as a result of COVID-19, the number of enterprise workers using a VPN rose less than 5 percentage points.
Prior to working remotely as a result of COVID-19, only 12% of employees at enterprise companies said their employer required zero security technologies. Since the shift, 41% of remote enterprise employees report using no security software.
Still, the numbers paint a consistent picture of security as a lower priority at the small-business level, resulting in less training and fewer security mechanisms in place.
Today, every business is more vulnerable
Regardless of the slight increase in security application usage across the board, there is a clear and substantial increase in the total number of unprotected individual remote workers.
Some might argue this increased pool of remote business devices might mean they can slide under the radar or are less likely to be attacked.
Those people are wrong.
Phishing campaigns and other cyberattacks are easily scalable. The larger pool of unprotected devices accessing business information just means more targets and more data.
Companies of all sizes need to develop security solutions that address remote work. They also need to provide their employees with the necessary training and resources to protect sensitive data and information—both their own, and that of the company they work for.
Survey methodology: Data collected from 676 respondents from March 24–27, 2020. Individuals surveyed are businesspeople who are currently working remotely full-time, 88% of whom are working from home directly in response to the COVID-19 pandemic. Respondents reside in North America, APAC, or EMEA, come from all industries and roles, and comprise a mix of G2 users and outside respondents.