Remote Workers Duck Security Rules

  • More than half of employees who work remotely are deliberately ignoring or working around security policies put in place by their company, according to new research.

    The insider threat was unearthed during a recent survey of IT and cybersecurity professionals across industries conducted by identity platform Axiad when putting together its 2021 Remote Workforce Security Report.

    Researchers found that 52% of tech leaders reported that their remote employees had found workarounds to their company’s security policies.

    “Employees were most resistant to complying with multi-factor authentication, mobile device management, and password managers, making it difficult for organizations to ensure all their employees are fully and securely authenticated to all their applications and devices,” said Axiad founder and co-CEO Bassam Al-Khalidi.

    “These gaps in authentication leave the business vulnerable to cyberattacks.”

    The report notes that phishing threats (71%) and malware (61%) were the most significant new threat vectors impacting remote work environments. More than half of respondents (56%) cited unpatched vulnerabilities as an issue, while 42% were bugged by malicious websites.

    While identity theft was a concern for just 37% of respondents, nearly half (49%) were worried about unauthorized users and privileged access.

    With the boom in remote working following the Covid-19 pandemic, companies have been taking steps to secure their employees’ access to corporate resources. Researchers found that organizations purchased more user licenses for existing applications (47%), more hardware (29%), took on new vendors (26%), and invested in extra cloud applications (19%).

    Another key finding was that 79% of security professionals use the same level of security controls and data management for every employee when corporate resources are being accessed remotely.

    “We believe the dramatic increase in phishing threats, combined with 52% of remote workers undermining their company’s security practices, creates a perfect storm for tech leaders,” said Al-Khalidi.

    “It’s concerning that so many employees take shortcuts to get their job done, rather than embrace their personal responsibility to follow the policies of their company.”

    Al-Khalidi encouraged companies to find a way for their employees to authenticate quickly, securely, and without causing any friction with the IT team.