In a recent survey of 1,000 working Americans, Lynx found that 36% of them have been or know someone whom a cyberattack has affected since the onset of the pandemic. As such, most (69%) are now more uptight about security risks during COVID-19 than beforehand. More than half (54%) of the respondents asserted their most immense cybersecurity suspicion is their compromised data.
Despite the heightened risks, just 49% of those surveyed think their organization’s cybersecurity has bolstered since the advent of the outbreak. Referring to several examples, 65% said their company lets them use their work computer to access personal services, 60% said their company had not prohibited the use of certain apps and tools that don’t meet high-security standards, 58% said their company hadn’t implemented antivirus software, and 58% said they were not aware of their company implementing strict IT security policies.
Remote workers themselves are triggering certain risks through poor cyber hygiene, a lack of knowledge, and uncertainly over the right and wrong actions. In this vein, 76% of those polled said they sometimes use a personal device for work, 75% use their cloud-based services to store and edit work documents, and 60% said they use USB devices to move work files. Further, almost a quarter said they’re not sure if they can switch off their VPN.
Nearly all workers surveyed said they know their work laptop must be secure. However, some 30% acknowledged they weren’t aware that company devices outside the workplace are at greater risk for cyberattacks. Also, more than half believed they wouldn’t be able to tell if their work device had been hacked, and three in 10 said they wouldn’t know what to do if their device had been hacked.
“Organizations of all types need to prioritize finding ways to secure end-points for their employees’ devices, whether they are on laptops, edge servers or anything between, especially in the remote, zero-trust environment we are living in,” Arun Subbarao, vice president of engineering and technology at Lynx Software, said in a press release. “For IT teams this doesn’t have to mean prohibitive costs or compromising performance.”
When asked how their organization could enhance this IT security rift among remote workers, more than half of the respondents asserted they would like to attain the critical policies to make them more conscious of any actions they bring that establish a security risk. Half of them would appreciate training sessions, and some 44% would understand weekly newsletter updates on cybersecurity efforts.
IT and security professionals can also separate and isolate the different domains and remote working environments to better protect them from security threats.
“Separating security functions into different domains and controlling the flow of information between those domains ensures confidentiality and integrity for security-sensitive use cases in organizations,” said Ian Ferguson, VP of Sales and Marketing for Lynx Software.
Ferguson recommends the following actions:
- Isolate the Windows environment for remote users.
- Create a separate domain to protect data in transit with two VPNs.
- Create a different domain to save data at rest.
- Create an isolated management domain to allow for security updates.
“By ensuring foundational security, an organization can effectively extend its firewall to the place where its employees are working, be that a house, a coffee shop, or (yes) an airplane,” Ferguson added. “Corporate IT policies are delivered and managed on a per-laptop basis wherever those assets are located.”