Many companies do not provide their remote workers with any cybersecurity awareness training, new research has claimed, despite these workers having access to sensitive company data. A report from Hornetsecurity polling almost 1,000 IT professionals working in businesses of all sizes across the globe found that a third (33%) do not provide any kind of cybersecurity awareness training to their remote staff. At the same time, three-quarters (74%) of these remote workers have access to critical data, potentially putting their employers at major risk of expensive, brand-shattering cyber-incidents. The report also suggests that IT teams are aware of the position they’re in, as almost half (43%) of IT pros rated their confidence in their remote security measures as “moderate” at best. Some (16%) believe that “uncontrolled file sharing” was a common cause of cyber incidents. The risks could only be set to increase, as the report found almost half (44%) of firms are planning to increase the percentage of their remote working staff in the future. To tackle the problem, Hornetsecurity says businesses need to do the obvious - increase education and training, particularly basic training, which could “significantly” improve an organization’s cybersecurity posture. Furthermore, businesses should have “strong systems” set up, to protect their employees. Compromised endpoints (28%) and compromised credentials (28%) were the main sources of cybersecurity incidents, it said. Furthermore, 15% said employees use their own devices to work, albeit with “some endpoint configuration”. “Traditional methods of controlling and securing company data aren’t as effective when employees are working in remote locations and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk,” said Daniel Hofmann, CEO of Hornetsecurity. “Increasing remote working cybersecurity measures is particularly important in the current climate, as cybercriminals are becoming smarter and using remote working to their advantage. We’ve seen an increase in smartphone attacks as hackers understand that both personal and professional data can likely be accessed as people can, and often do, carry out work on personal devices.” Basic training to the rescue
source https://www.techradar.com/news/many-firms-arent-giving-remote-workers-any-security-training
Read more