1 in 5 I.T. pros say remote workers are not secure, survey finds
Key takeaways from the 2022 Remote Management Survey by Hornetsecurity
- 18% of I.T. professionals believe that remote employees are not working securely and that company data is at risk
- 8 out of 10 I.T. professionals believe that remote working conclusively introduces cybersecurity risks that are otherwise not present.
- According to 3 out of 4 I.T. professionals, employees are using personal devices to access sensitive company data
- 1 in 3 organizations does not provide cybersecurity awareness training to remote employees
- 1 in 6 organizations has suffered a cybersecurity incident directly related to remote working
About the 2022 Remote Management surveyAs part of our effort to remain in touch with the current state of the IT industry and to keep our finger on the pulse of the frequent and drastic shifts that come with it, our team at Hornetsecurity conducts a survey every few months. Each survey concerns a specific topic that we think is essential to the industry, and to business entities of all kinds and in all parts of the world. No shift has impacted the way many organizations operate than remote work and the subsequent need for remote management. While the concept of remote work is not new to the industry, the 2020 pandemic has supercharged its adoption around the world and across industries. This has led to organizations changing, seemingly overnight, to remote working setups which have introduced a host of cybersecurity concerns that were not viable threats until now. Our 900+ survey respondents come from a multitude of industries, regions, differing years of experience, and from companies of varying sizes.
Remote Working in 2022Initially brought to the mainstream workplace as a pandemic measure, remote working has become a staple of the modern working environment, in addition to remote monitoring and remote team management. With more companies opting for either a fully remote or hybrid approach to work, the shift towards remote work over the last few years is extremely well-documented, and all the evidence points to it being a permanent employment fixture for the foreseeable future. Remote work has therefore become one of the most fundamental aspects for the workplace, both from the perspective of employers and employees. While a recent survey by Buffer shows that 97% of remote workers would like to continue doing so for the rest of their career, employer opinion on remote work tends to vary, with 72% of employers in the United States preferring that their employees work within an office environment, and only 12% of leaders considering employees as productive working remotely as they are in the office, despite evidence to the contrary. Other employers cite security concerns as their primary motivation for bringing office workers back to the office, with a 37% increase in data breaches in the third quarter of 2022. That said, this is a significant decrease from the 125 million data breaches that occurred shortly after the beginning of widespread remote working, proving that companies that invested in good cybersecurity practices and remote team management tools had an immediate effect on risk within their organizations. Regardless of employer opinion, the overwhelming response to remote work from an employee perspective has been positive. Over 57% of employees cite that they would leave their job if remote work or hybrid working was not an option for them; 84% state that they would take a pay cut in order to retain their work from home privileges or to work for a company that allowed them to work remotely. The biggest benefit to working from home for employees is the flexibility that it allows them, with 67% claiming that the flexibility in their lives had led to a better work-life balance. While remote work does come with its own set of challenges for employees, such as struggling to create and then maintain that balance, it is overwhelmingly clear that remote and hybrid working is here to stay, and therefore organizations need to be prepared to face the challenges that remote management brings from a security perspective. The immediate increase in cybersecurity breaches at the onset of remote working, and its subsequent decrease as companies shifted their investments into better security training and cybersecurity measures, proves that remote working can be as safe as working from the office, provided the employees and employers both have the training to adhere to stricter measures. In 2021, this was primarily implemented with multiple authentication measures for endpoints and servers, as well as a boost in security training. These are measures that need to be built on, and improved upon, for a better secure workplace in general, but companies with remote or hybrid work policies need to give better cybersecurity measures a stricter priority for 2023.
Close to 1 in 5 I.T. professionals (17.9%) say workers are not secure when working remotely
3 in 4 IT professionals (73.8%) say that employees can access sensitive work-related data through their personal devices
14% of respondents said their organization suffered a cybersecurity incident related to remote working
What are the main sources of remote work related cybersecurity incidents?
28.1% of our remote management survey respondents reported that ‘compromised endpoints’ and ‘compromised credentials’ were the main reason for security incidents.
When it comes to compromised endpoints, the explanation is fairly obvious – as users travel and work in different locations, there is a higher possibility of losing devices that contain sensitive data. The risk of this is intensified when one considers the relatively high amount of personal devices that have access to sensitive data that do not have any endpoint configuration to help protect against unauthorized access.
Credentials becoming compromised through the threats of social engineering and email phishing attacks are also equally common. Remote working exacerbates this risk as users are more isolated and less likely to be able to identify threats alone. In comparison, those in the office may have more instant access to other colleagues who can help verify communication before communicating sensitive information. The solution to this particular issue is two-pronged. Firstly, a robust email security suite can eliminate a significant portion of inbound threats before they even reach end-users. For the threats that do reach their intended target, cybersecurity awareness training such as the programs offered by Hornetsecurity can hugely impact the potential of a data breach.
15.7% of respondents also cited uncontrolled file sharing as a source of cybersecurity incidents. Cloud storage platforms have become essential for remote work operation, but sharing access to files on these platforms with third parties introduces significant risks. User error that results in access being provided to sensitive company data to unauthorized individuals is a serious risk, and is relatively common. Stringent access and authorization processes need to be put in place in order to avoid such occurrences.
Just over 1 in 10 (11.6%) of respondents that reported a remote-work related cybersecurity incident said that unsecured or public networks were the root cause. While endpoint security might be in the control of most I.T. departments, the networks that users connect to add another layer of risk that is not always accounted for. While relatively uncommon, users could be victim to attacks such as Wi-Fi spoofing in public areas. For example, a cybercriminal may name a remote Wi-Fi hotspot the same name as a local coffee shop, tricking users into joining said network and compromising their endpoints.
The least common source of cybersecurity incidents per this survey was lack of physical security or privacy in public places. While this is an extremely low-tech form of cyber attack, it was still reported by nearly 1 in 10 of incident victims. This serves as a reminder that there are some security considerations that cannot be handled through any digital remote management tool, and rely solely on users’ awareness of their surroundings.
Which companies are most at risk of remote work cybersecurity incidents?
Almost half (47.6%) of employees in the respondents’ organizations work remotely
4 in 5 IT professionals (79.5%) think that remote work introduces cybersecurity risks that are not present when working on-premise
1 in 3 organizations do not provide any cybersecurity awareness training to users who work remotely
How confident are IT professionals in their remote security measures?
What are the most commonly used security features for remote management?
How do organizations handle device management for their remote employees?
What is the most popular endpoint management tool used for remote employees?
Group policy (60.7%) is the most popular endpoint management tool used by organizations, followed by RMM Tools (43.4%).Endpoint management tools allow I.T. teams to be significantly more efficient when handling the security and monitoring of multiple endpoints. Group policy has been the go-to tool for many years, and this survey indicates that this is still the case among many organizations – especially those with internal I.T. teams as opposed to those that use MSP services. The survey shows that 70.1% of internal I.T. teams use group policy for endpoint management, as opposed to 51.7% of MSP professionals. While group policy is still a valid tool for many organizations, it lacks features that are present on more modern remote monitoring and management tools. In fact, while group policy is the more popular endpoint management tool for internal I.T. teams, remote monitoring and management (RMM) tools are more popular among respondents that work for MSPs (55.1% vs 51.7%).
Over 1 in 10 respondents (10.9%) say that they do not use any endpoint management system.
Employees are less confident in their company’s remote IT security than I.T. professionals.
Psychological profiles of hackers and I.T. professionals
Full 2022 Remote Management survey results
If you’d like to take a look at the ransomware data, feel free to peruse the survey results here.