Lookout Inc., an endpoint to cloud security company, releases today its new report, The State of Remote Work Security, to raise awareness among IT and security leaders about the growing threats associated with remote work and bring your own device (BYOD) policies.
Survey results show that with remote and hybrid working, personal and work tasks blur together and the boundaries between the two have become more porous. Lookout data show that 32 percent of remote and hybrid workers use apps or software not approved by IT and 92 percent of remote employees perform work tasks on their personal tablet or smartphone devices.
These devices, apps and software, along with the corporate data being accessed, are not visible to IT, thereby dramatically increasing an organization’s risk posture.
The cloud has become a crucial backbone for most organizations. In 2020, 61 percent of businesses in the United States migrated their workloads to the cloud – triggered by the global pandemic and the need to support remote work – and as of 2022, 60 percent of all corporate data was stored in the cloud. While providing employees with remote access to corporate data in the cloud provides flexibility and potential boosts to productivity, this coupled with BYOD can increase an organization’s exposure to risk.
Because these devices are most likely not managed by IT, organizations have little visibility or control over potential threats such as operating system and app vulnerabilities, the types of apps that have access to corporate data, as well as phishing attempts.
As organizations continue to move their apps to the cloud, IT needs to move beyond providing access to users based on device posture and address how they can extend access control policies to ensure secure usage of corporate data stored in these apps.
Additional report findings include these remote worker behaviors that create increased data security risks to organizations:
- 90 percent access corporate networks from areas other than their home, with an average of five different locations – this introduces security risks as company data could be exposed across multiple networks not monitored by IT.
- 46 percent have saved a work file onto their personal device instead of their employer’s network drive – personal device OSs are far more likely to be out of date which means they are not protected against the latest vulnerability exploits and malware.
- Nearly one in three remote employees work more than 20 hours per week on their personal tablet or smartphone device – personal devices often have dozens of unsanctioned apps that threat actors use as avenues for their phishing attacks.
- 45 percent use the same password for work and personal accounts – reusing passwords exposes a user’s accounts to cyber criminals, which increases the risk of identity theft as well as sensitive data theft from their organization.
All these behaviors point to the need for organizations to have a completely new approach to security so that it keeps pace with the way remote users access data and collaborate with each other.
The State of Remote Work Security report from Lookout is based on a survey of 3,000 remote and hybrid workers from enterprise companies in the United States, United Kingdom, France and Germany.