Security Roundup: Remote Workers, Bitdefender-Splashtop, Wandera-Microsoft
More than one in three organizations has experienced a security incident due to a remote worker, an unnerving fact considering that nearly 70 percent of employees globally work remotely at least once a week.
That’s according to a new survey by OpenVPN. It goes on to show that of those who have suffered a security incident, 68 percent experienced it within the last year.
We spoke with Francis Dinha, OpenVPN’s CEO, about this growing problem associated with remote workers.
Channel Futures: What are some of the common shortcomings in organizations’ remote work security policies?
Francis Dinha: While 93 percent of those surveyed have a remote work security policy in place, 24 percent of businesses haven’t updated these policies in more than a year. And although many of these policies have the right requirements – 74 percent require VPNs, 69 percent require sensitive data to be encrypted, and 68 percent prohibit work-related data on personal devices – they can’t simply set the policy and walk away. Your security policy deserves a regular slot on quarterly meeting agendas among C-suite executives so that the organization can hold itself accountable at the highest level for continuous security improvement.
Additionally, our study shows that 44 percent of organizations don’t let IT teams take the lead role in developing the remote work security policy. But why let anyone besides your resident security experts steer the initiative? No one approaches things from a truly security-first perspective like IT, so if security is an initiative’s main point, as it is with a remote work security strategy, IT should be heading the effort.
CF: Does the prevalence of remote workers present opportunities for MSSPs and other cybersecurity providers to assist organizations? Can you give some examples?
FD: When asked whether the benefits of remote work outweigh the risks, 92 percent of IT professionals said they do. Despite this, though, 90 percent of respondents believe remote workers pose a security risk in general, and more than half believe that remote employees pose a greater security risk than onsite employees.
Here’s how MSSPs and cybersecurity providers can assist organizations in mitigating this risk:
- If no VPN is present within the organization, then the company needs to institute one immediately to protect sensitive data going between the employee and their company network(s) and services.
- The company should establish some type of two-factor authentication with the company’s authentication system if not already present.
- A company should develop a policy on how to handle BYOD and which device’s sensitive data should and should not be stored.
- Workers need to have clear guidelines on how to secure their work devices when on unsecured networks and insecure physical environments.
CF: How do you ensure remote workers are following security policies?
FD: Nearly half of IT leaders say they only somewhat agree that remote employees adhere to remote work policies. As new measures are rolled out, IT representatives should hold live meetings with remote workers to illustrate how they can meet the requirements.
Additionally, education also plays a strong role in increased employee adherence. But our survey shows that only a third require their remote workers to take part in cybersecurity training twice a year, and this share drops to less than a quarter for more than twice a year. Make sure that remote workers aren’t …