Now that businesses are beginning to reopen and there is a slow migration back to the workplace, organizations can take a closer look at how the transition to remote work and security have been managed.
According to a new survey conducted by 1Password, although only 27% of respondents said their company was prepared for the move to remote work, a whopping 89% said they had no criticism of their IT teams whatsoever.
“At a time when so many companies have been so dependent on IT to make this transition, that’s a tremendous testament to the hard work IT teams have been putting in,” said Matt Davey, COO of 1Password, in an email interview. “It’s also a testament to the healthy state of technology, and the power of SaaS in particular to enable new and flexible ways of working.”
Relaxed Security Among SMBs
Enforcement and abiding by security protocols have been mixed, however. While 63% of IT workers said they believe employees are following security protocols and requirements better when working from home, and 58% say they are doing a better job at following those protocols while working remotely, nearly half of SMBs said they’ve relaxed their security protocols during this time.
“We know that half of those breaking their company’s IT rules are doing so to be productive,” said Davey. “Businesses have recognized this and relaxed the rules a little to give their teams a broader collection of tools to use, including those better suited to remote communication and collaboration.”
One area where SMB security may have improved, however, is with shadow IT, which has long been a cybersecurity issue for companies. “It seems that the change to remote working has brought these conversations into the open, and shadow IT into the light,” said Davey. “That’s great news for businesses’ online security.”
Beware the Risky Employees Out There
While the 1Password study found a little more than half of employees are following security protocols, the “State of DLP” study from Tessian found that WFH employees are more likely to think risky cybersecurity behaviors are okay. According to the study, “not only are they twice as likely to send unauthorized emails, they’re also almost twice as likely to download, save, or otherwise exfiltrate work-related documents before leaving or after being dismissed from a job.”
“This is why WFH is keeping IT leaders up at night,” said Josh Bohls, CEO at Inkscreen, in an email comment. “Employees are going to find workarounds to remain productive; they are not going to ask IT for permission or advice as frequently; and they will introduce unknown risks to the company. Most people think of ‘insider threats’ as employees with bad intentions but the more prevalent threat is derived from not adhering to IT policy.”
Businesses Must Take Charge of Security Behavior
It’s incumbent upon businesses to capitalize on and encourage good security without squandering that goodwill by being absolutist about things, Davey pointed out.
“A simple example would be that it’s better to change weak passwords on your most important accounts than changing none at all—don’t make changing all of them a requirement to getting started,” he stated. “Likewise, implement multi-factor authentication in the most important places first rather than making it a requirement across the board all at once.”
To make following security protocols easier, IT departments should have tools in place that allow for high productivity with effortless security behaviors, rather than put in roadblocks that frustrate workers so they end up looking for security shortcuts.
COVID-19 has possibly changed attitudes toward remote work, making security awareness even more vital. Organizations did a tremendous job making the transition from workplace to home quickly. The next step is to ensure security protocols continue to be followed and any employee risky behavior is remedied quickly if WFH is going to stay a successful and viable option for organizations.