Remote Workforce Cybersecurity Concerns Hit New High
Results of the 2021 Unisys Security Index are in, and they pointed to a high level of concern about rising cybercrime. The survey revealed that 62% of global respondents are seriously concerned about identity fraud, up 5% from 2020. Also, 60% are concerned about bank card fraud, up 4% from 2020. Findings also showed a lack of awareness when it comes to specific attack types and prevention methods—most users are unaware of modern attacks and scams such as SIM jacking, PAC fraud and SMS phishing.
Throughout the pandemic, there’s been a particular uptick in cybersecurity threats. For example, a Salt Labs report found malicious API traffic rose about 350% over six months in 2021. The pandemic also ushered in remote work, creating a new dilemma for CISOs in how they balance security and productivity with a house-bound workforce. Those working in remote environments with little security awareness could put not only themselves but their teammates and employers at risk, too. More often than not, distributed employees use software unsanctioned by IT, and expect autonomy with little to no monitoring of their technological use.
Conducted 18 months into the pandemic, the global 2021 Unisys Security Index™ surveyed 11,000 people on consumer security and privacy concerns. It also shed light on employee preferences regarding IT control over remote work. Below, I’ll review the key takeaways from the report and consider how organizations can mitigate these realities to help retain a stable hybrid business.
Mounting Concerns Over Digital Fraud
In our climate of increasing cyberattacks and scams, nearly all users have had a run-in with malicious behavior at some point. As such, 57% of respondents are seriously concerned about hacking and viruses, a six-point increase from 2020. Studies show that cloud-delivered malware, such as infected Office document downloads, is surprisingly still as rampant as ever.
The good news is that 61% said they are wary of clicking on links in a text message, email or in a social application. These fears are well-founded, as phishing attacks account for more than 80% of reported security incidents. For example, in recent weeks, a major phishing scam known as the “hours to make” con has gone viral on social media messaging, tricking users into divulging account information. Account takeover can be detrimental for high-value profiles and lead to pricey demands to regain access.
And 51% of respondents said they are seriously concerned about online shopping security. Sites that process payments may store personal financial information—a prime target for data exfiltration. Access to sensitive information such as credit card numbers could be used to steal user identify—thus, online spaces that accept transactions are especially attractive to attackers.
Security Repercussions of Remote Work
Many of the new hybrid and fully remote work environments are here to stay, and management realized the benefits of this change. A full 83% of employers found that the shift to remote work was successful for their company, according to the report. However, these advances brought unintended consequences around security and data privacy.
The most apparent result is a lack of control around provisioning new software for company-issued and personal devices. In fact, 45% of employees said they have used software not authorized by their company. This encompasses mobile, PC and cloud-based tools. When asked why, 42% said they use the tools for their personal life and 42% said the tools are better than those provided by their company. And 38% also said they downloaded unsolicited tools simply because they needed them to do their job.
“This highlights the extent to which users are looking for consumer-friendly services and apps, including at work,” said Leon Sayers, director of advisory at Unisys Asia Pacific. “And sometimes, the business apps just don’t cut it.”
In the new remote work era, installing unapproved third-party software on work devices poses inherent security risks that arguably go beyond the pre-pandemic bring-your-own-device (BYOD) concerns. Yet, too much oversight here would harm the employee experience, since most employees are not interested in allowing their company to monitor their activities.
When it comes to monitoring activities, 40% of respondents said they were OK with employers monitoring login and logout times. But acceptance drops sharply for screen and microphone monitoring. Only 28% are OK with webcam monitoring during video conferencing, and only 27% are OK with web browser monitoring.
Remote workers expect autonomy and respect. They are similarly apprehensive about sharing personal data such as medical history and location data. Of these personal data statistics, the highest approval rate was for vaccination status—53% are open to sharing vaccination status to ensure a safe and healthy work environment.
Employees Lack Mobile Security Awareness
Throughout the pandemic, workday mobile device use climbed. Mobile devices are becoming a more frequent attack target, yet employees are largely unaware of the modern mobile attack types. For example, 76% are unaware of SIM jacking or PAC fraud, when a scammer accesses your phone from theirs. And 56% say they are unfamiliar with the threat of SMS phishing. Social engineering tactics often pose as trusted authorities over SMS to steal credentials.
“It’s likely that most haven’t thought about the security risks of ad-hoc and personally-preferred software and applications. What began as BYOD (personally-preferred devices like iPhones) has grown into the apps, services, social and gaming environments,” said Gene Chao, senior vice president and general manager, enterprise computing solutions and cybersecurity solutions, Unisys. “But as nearly half of employees download unauthorized tools and software as our personal and professional lives weave into each other, it means that malware or viruses can enter work networks, oftentimes with little or no record of a breach. That’s a big problem.”
With advances in computing power and more frequent use of mobile devices for things like multifactor authentication, users have become accustomed to shifting more credentials and company account access to mobile. And compromised mobile devices could easily offer hackers a doorway to internal networks. Though 54% of employees are just as careful on mobile devices as they are on PCs, it still leaves a hefty percentage of users seemingly less aware of mobile threats.
Another report recently found that nearly 80% of employees lack confidence in their company’s cybersecurity posture. While this will likely influence a greater security investment into the coming year, interestingly, the majority of remote employees don’t hold their company liable for cybersecurity. In fact, 62% consider it their own responsibility to keep their personal data safe and secure while working from home.
Reversing Insecure Cultures
The consumerization of IT has had made technology more pervasive, intertwining our digital personal and work lives. Yet, unfortunately, secure design is not the norm in most organizations.
An Invicti study recently found that 45% of development teams frequently completed projects without carrying out all the necessary security steps. Lacking an apparent security culture can naturally lead to less secure software development. But it can also limit overall security awareness and stunt remediation. A whopping 76% of employees do not know where to report scams if they were to be victimized, found the Unisys study.
It’s clear that to advance security, more knowledge sharing is required. In addition, Unisys recommends the following steps:
- Balance security with a positive employee digital experience
- Protect the cloud(s)
- Use transparency to build trust
- Build security controls into your network
- Increase security training
The 2021 Unisys Security Index™ is a 15-year-running snapshot of consumer security concerns conducted globally. To view the complete 2021 report, check it out here. The full report expands on the data presented in this article and showcases granular regional and age differences.
