IT companies put too much trust in employees

IT companies are placing unwarranted trust in their employees, household members and third-party vendors, according to the latest Apricorn 2021 Global IT Security Survey.

The findings show that IT security professionals are concerned about the cyber risks brought about by remote work, with 75 percent putting COVID-centric policies in place, including the use of two-factor authentication (48 percent) and encryption of sensitive data (41 percent).

More than 60 percent of respondents agree that COVID-induced remote work conditions have created data security issues within their organisations, with 38 percent noting that data control during the pandemic has been hard to manage.

Even with these data control concerns, nearly 20 percent admitted that their work devices have been used by other members of their household. This surprising statistic from seasoned IT security professionals highlights that remote work policies can cause employees to relax their security stance when working outside of the office setting.

Almost 70 percent of respondents want an encrypted USB policy within their organisation, but 40 percent do not have plans to roll out a corporate USB program.

What was more of a worry was that 45 percent of respondents allow the use of personal USB devices without corporate oversight, leaving it to the employee to decide which devices to use, when to use them and for what data.

Lack of control over writeable devices connected to corporate systems within the firewall creates a huge opportunity for attack, as evidenced by the fact that corrupted, unencrypted USB sticks are one of the fastest-growing methods for malware introduction.

Apricorn Managing Director, Kurt Markley, said that the research supports the importance of endpoint hardware encryption, particularly during remote working conditions that will likely continue for many organisations long after this pandemic is over.

“IT security professionals should have implemented corporate usage policies and provided secure devices that mitigate the inherent risk of a BYOD strategy a year ago. Those who haven’t are extremely late on protecting internal systems from insecure and unmanaged devices and need to put policies and devices in place immediately.”

The research also showed misplaced trust in third-party vendors. Ponemon reports that 53 percent of organisations have experienced a data breach because of a third-party vendor.

However, more than a quarter of the Apricorn survey respondents (27 percent) expressed that they are not concerned about loss of data through third-party vendors and have increased the number of vendors with whom they work. When it comes to storing data in the cloud, respondents are baffled.

While 80 percent say they have offered a hybrid work option (remote work at least part of the time), a full 25 percent are not concerned about cloud security even though they have seen an increase in usage from disparate locations.

Almost 30 percent are concerned but have strong processes for managing data stored in the cloud, and nearly 19 percent have the same concerns but no policies in place about how to store data in the cloud.

These responses present conflicting trust issues: those that are over-trusting with no concern over the storage of their data, and those that recognise that they should be cautious with the data they entrust to the cloud.

Markley said: “Misplaced trust is risky. Businesses must strengthen their security posture, consider security policies and processes related to how they handle data, and make policy adjustments inside organisations and within agreements with partners. The use of hardware encrypted USBs and hard drives can be beneficial in these circumstances, providing the ability to securely store data offline and move it between locations securely.”