When the world shut down for COVID-19, jumping to remote platforms was the logical decision for most companies that continued to operate. Unfortunately, while many companies have nearly perfected the art of working remotely, most missed one crucial component: cybersecurity.
Now, nearly half a year into the pandemic, security concerns are mounting.
In a study published by Dice, IBM and Morning Consult discovered that a whopping 52 percent of employees were accessing work-related information on personal devices–a statistic that ages particularly poorly with the additional fact that 45 percent of those employees haven’t had any security training to complement their use of personal devices.
There are a number of issues that can arise from using a personal computer, tablet, or smartphone for work-related activities, primarily the problem of mixing work and play. In all likelihood, the websites you access during your time on the clock don’t look much like the websites you frequent during your off hours.
Mixing the sign-in credentials, passwords, and browsing habits in the same browser–or on the same computer–can increase your chances of losing your work credentials or important, confidential data to phishing attempts, malware, and so on. Even using a private browser or a VPN doesn’t entirely mitigate these concerns.
There’s also the minor (he said sarcastically) issue of personal device forfeiture should the organization you work for determine that something on your device led to a data breach. While this is substantially more common in government-controlled occupations than in the private sector, most would argue that the chance of losing your computer because someone else decided you made an easy target, isn’t worth it.
The problem, of course, is that many employees didn’t have a choice. In the scramble to implement responsible working environments and social distancing, cybersecurity took an aggressive backseat–and the repercussions could very well be forthcoming.
One possible–and affordable–solution to this crisis is password management and reset counseling, but even that measure has some doubtful applications since–in the same study cited above–66 percent of employees surveyed indicated that they had not been given any form of password management training in the wake of the transition to remote work. For what appears to be a cheap answer, password help seems to be strangely absent.
COVID-19 doesn’t look like it’s going anywhere, and states that reopen are finding themselves almost immediately transitioning back to remote work due to new outbreaks. Let’s be clear: Our infrastructure cannot handle a massive security attack now. If companies want to protect their longevity, they can start by providing employees with distanced work security trainings–and maybe mandating a password change here or there.
Pingback: Supreme Court vs online security: Has the reckoning come?