Censornet has released its report Empowering the People: Critical Security Challenges of 2020, which uses insightsgathered from a survey of 300 cyber security professionals to explore the reality of the role of security during a global pandemic. A primary component of the report looks at the realities of remote working culture, and it also includes guidance from industry experts within Censornet for security teams who are trying to securely facilitate remote working and empower staff.
Employees engaging in dangerous web activity
Surveyed during the lockdown period, 67 percent of security professionals reported that they had caught employees engaging in unsafe or unproductive activity on the web. Perhaps unsurprisingly, the most common bad behaviour was employees using streaming services at work such as Netflix or Amazon Prime (35 percent). However, many employees are also bringing potentially harmful content onto the corporate network:
- 27 percent reported that they had caught employees downloading pirated material on work devices
- 21 percent saying they had caught employees visiting adult sites at work
- 21 percent said employees had bypassed web security to access blacklisted sites on the company network
Interestingly, when they were asked, security professionals also admitted that they too were guilty of bending the rules and best practices of online employee behaviour, including: using entertainment streaming services at work (22 percent), using work credentials for personal accounts such as e-commerce sites (22 percent), downloading pirated content (17 percent) and even visiting adult sites at work (11 percent).
Ed Macnair, CEO of Censornet commented:
“Due to flexible working hours and more relaxed access policies on work laptops, the boundaries between work-life activities have become blurred – for everyone. We were quite shocked to find that even the security employees themselves had admitted to breaking some of the cardinal rules of web security. However, at this uniquely challenging time, with an unprecedented shift to new IT practices and COVID-related cyber attacks – trying to mitigate the dangerous actions of employees is not an added complexity the security team needs. If these bad practices are left unchecked, it is ultimately the security team’s job that is made harder.”
Employees need support in best practices in the cloud
An even higher percentage (76 percent) reported employee behaviour in the cloud that could be putting their company at risk. The most common (41 percent) was employees using the same password across multiple accounts. However, more serious incidents included:
- 33 percent caught employees storing sensitive data in the cloud without the proper protection in place
- 26 percent have found employees sharing links to documents in the cloud to third parties without authorisation
- 23 percent reported that employees had shared their cloud service logins with other people
Macnair continued:
“Cloud services are now ubiquitous, used by almost all organisations, and yet they are often a blind spot when it comes to security. The higher rate of dangerous behaviour demonstrates that employees do not recognise that – by failing to put proper security protection in place and sharing access with people outside of their organisation – they are either accidentally or intentionally creating security breaches and data leaks. We see major data breaches due to misconfigured cloud services in the news almost weekly. These have very real consequences: financial loss, legal and regulatory action, and – ultimately – customer attrition. Companies and their employees have to take these breaches incredibly seriously.”
A false sense of cyber security?
In spite of these findings, the survey also discovered that cyber security staff appeared to underestimate the risk that these activities posed to their organisation’s security:
- 91 percent of respondents believe that their cloud security solutions are adequately protecting people at home
- 91 percent also believe that their organisation’s cyber security strategy was prepared to support their colleagues working from home
Macnair concluded:
“Since the COVID-19 lockdown began, security and IT professionals across the globe have risen to face extraordinary challenges. Whilst it’s positive to see so many professionals confident that their cloud security solutions are protecting their workforces, our research shows a disconnect between the perception of how well-protected an organisation is when employees are working remotely and the hard truth behind the risks they face. It appears that security professionals are not taking dangerous employee behaviours into account.
“As we move forward, it’s important to ensure that the confidence professionals have in their security solutions is aligned with reality. With remote working looking like it will continue well into the future, and the pace of cyber crime showing no signs of slowing down, it’s so important that organisations carve out time to review the effectiveness, context and relevance of the security solutions they have in place. Misplaced confidence can have detrimental effects on the integrity and security of an organisation, and without additional layers of protection, you can’t guarantee that public cloud platforms will protect you from advanced threats.”
For the full results and recommendations on how to protect against security threats in lockdown please download the full report here: Empowering the People: Critical Security Challenges of 2020