Technology services provider Probrand has released a study that reveals the security measures taken to protect businesses have not kept up with the evolving threats posed during the pandemic.
With cybercrime surging 72% in the first month of lockdown, Probrand surveyed 123 organisations in both the public and private sector, and found that many businesses have not taken steps to mitigate vulnerabilities associated with the mass shift to home working.
For example, while 62% of businesses said they now allow employees to access corporate data on their own endpoint devices, 39% say they do not, or are unsure if they do, use multi-factor authentication to verify the identification of the end user.
One of the biggest areas of concern, however, was the lack of measures taken to protect data itself. While two thirds (68%) said they encrypt data locally on devices, just 40% encrypt data in transit and only 34% put access control on that data.
Worryingly, almost half of participants (49%) said they would not be able to supply an audit report to say data was safe and secure.
Mark Lomas, technical architect at Probrand commented: ‘‘Most people don’t think about data being the thing that needs to be secured, they focus on the device. They are protecting data while it’s at rest, but data only sits in one place for so long.
“If you give people access to data, there is always a chance that human error could lead to a breach. It just takes one person to email the wrong person or attach the wrong file and your organisation may have inadvertently exposed customer data or personal information.’’
With the majority of staff working from home, Probrand also wanted to know how much control organisations had over devices now being used outside the traditional office space. Almost half (48%) said they can’t, or are unsure if they can, control corporate owned devices remotely.
Mark Lomas adds: “Home working will be a big part of how organisations operate going forward so they need to be looking at cloud solutions, such as mobile device management (MDM), to update the security on the devices used by employees.
“This will ensure all devices accessing corporate data will have the latest antivirus, firewall and software patches in place. They can verify that these updates have happened and validate that things are working as they are supposed to be.’’
Despite some obvious shortcomings, there were areas where organisations performed better. For example, more than four in five (82%) said they have antivirus software in place to protect devices and 79% say they are backing up data so it can be recovered in the event of a disaster.
The Probrand report includes guidance on how organisations can mitigate risk and put measures in place to protect employees, devices and data.
See the full report here.