Skip to main content

Working from home during coronavirus may have created security crisis, IBM says

remote working
(Image credit: Shutterstock)

Remote working has become a daily reality for tens of millions of people worldwide as a result of the coronavirus pandemic. But it’s resulting in unprecedented security challenges.

A report from IBM Security highlights the security challenges faced by remote workers and their employers. It found that more than half of survey participants were working remotely without new security policies in place to protect them from cyber threats.

According to the IBM study, which surveyed 2,001 U.S. remote workers, 80% of respondents had rarely worked remotely before or had no experience of remote working before the pandemic.

IBM says remote working has “exposed new security risks”, and almost 50% of employees said they were concerned about cybersecurity threats as they worked from their homes.

New security risks

While 93% of new remote workers believed that their employers were capable of protecting personally identifiable information, more than half (52%) were working from personal laptops and 45% had not been provided with any additional training. 

The research also showed that companies may not be doing enough to secure personally identifiable information. In fact, more than half of remote workers hadn’t been given new guidelines for handling such information, and 42% of employees responsible for managing this data were now working from home. 

There may also be a shortage of security policies related to remote working. Over 50% of participants admitted that they were unaware of new policies covering issues like data handling and password management.

Poor password management has also become a stark reality for many companies with remote workers. IBM found that 66% of remote workers did not have new guidelines for managing passwords, while 35% were re-purposing passwords for their corporate accounts. 

Protecting remote workers

"Organizations need to use a risk-based approach with work-from-home models, then reassess and build from the ground up," said Charles Henderson, global partner and head of IBM X-Force Red.

"Working from home is going to be a long-lasting reality within many organizations," he added. "The security assumptions we once relied on in our traditional offices may not be enough as our workforce transitions to new, less controlled surroundings." 

Daniel Lewis, CEO and co-founder of cybersecurity firm Awen Collective, urged firms to educate their remote teams on cybersecurity threats and ensure the teams were protected. 

"We know from experience that most business cyber security incidents are caused by employees," Lewis told Tom's Guide. "The vast majority of these will be human error, although we have also seen some purposeful insider attacks.

“The key for businesses is to ensure that you and your employees know what assets are owned by the business, preferably in as much detail as possible. Make sure it is easy to load software and firmware updates on all WFH devices, and most importantly ensure that everyone considers that there will be vulnerabilities."