According to a recent Kaspersky report, How COVID-19 changed the way people work, three-in-four (73%) employees working from home have not yet received any specific cybersecurity awareness guidance or training designed to keep themselves secure from risks. While it can be more difficult to control the security of corporate IT and data remotely, threats still remain. For example, one-in-four (27%) employees say they have received phishing emails related to COVID-19. To avoid such risks, it is important for organisations to educate staff about cybersecurity.
While employees take on the massive shift of working from home, it is important for businesses to ensure their staff can work as they usually would. Keeping employees protected becomes a challenging task, as it takes a lot of resources to enable secure access to services staff regularly need to carry out their jobs well. Establishing effective cybersecurity measures is therefore critical, as remote working may also bring new risks such as increased spam and phishing attacks, connecting to compromised WiFi spots, or the use of shadow IT by employees.
However, a survey of 6,000 workers around the world has shown that employers may not be explaining to their employees how to avoid becoming victims of these risks. At least 73% of respondents said they were not provided with cybersecurity awareness training when they started working remotely. Additionally, more than a quarter (27%) of surveyed employees have already received, for example, phishing emails on the topic of COVID-19. Accidental downloading of malicious content from such an email can lead to devices being infected and business data being compromised. Many employees have also increased the use of online services for work that were not approved by their IT departments, known as shadow IT, such as video conferencing (70%), instant messengers (60%) or file storage services (53%).
“It is hard to keep things ‘business as usual’ when everything needs to change so dramatically. While employees are trying to get along with the new reality of working from home, IT and cybersecurity teams are under pressure to enable them to continue working safely. Cyber-incidents can only add difficulties to this challenge, so it is important to remain vigilant and make sure remote working is also secure working,” comments Andrey Dankevich, Senior Product Marketing Manager at Kaspersky.
Kunal Anand, Chief Technology Officer at Imperva, commented “…when it comes to building a security program, focusing only on technology and processes puts us in a weak and unbalanced position. Businesses will need four steps in place. First, start at the top and get leadership support, second, conduct awareness training to ensure employees know what needs protecting, third, test the security posture such as through internal phishing campaigns, and fourth, ensure transparency and continual communication. Only then will everyone, on a personal and business level, be able to mitigate the risks that these attacks can cause.”
Recommendations to help businesses enable secure remote working for their employees:
- Ensure your employees know who to contact if they face an IT or security issue. Pay special attention to employees that have to work from personal devices – provide them with dedicated policy and security recommendations
- Schedule basic security awareness training for your employees. This can be done online and should cover essential practices, such as account and password management, email security, endpoint security and web browsing. Kaspersky and Area9 Lyceum have prepared a free course to help staff work safely from home
- Take key data protection measures to safeguard corporate data and devices, including switching on password protection, encrypting work devices and ensuring data is backed up
- Ensure devices, software, applications and services are kept updated with the latest patches
- Install proven protection software, such as Kaspersky Endpoint Security Cloud, on all endpoints, including mobile devices. It also helps ensure that only approved online services are used for work purposes, reducing the risks of shadow IT
To read the full Kaspersky report and learn more about how the pandemic has influenced the way people work, please visit this page.