Remote Work Insecurity: Research Reveals Half of Organizations Experienced Security Incidents While Working Remotely

A new report from Tessian, the email security company, reveals that 75% of IT decision makers believe the future of work will be remote or “hybrid,” with employees choosing to split their time between working in the office and anywhere else they prefer. However, Tessian’s Securing the Future of Hybrid Working report shows the security risks companies must overcome to realize the hybrid work vision and the pressures it puts on IT teams.

Employees are in favor of a hybrid working structure; just 11% of respondents said they’d want to work exclusively in the office post-pandemic, with the average employee wanting to work from home at least two days a week. In fact, one-third said they would not consider working for a company if it didn’t offer remote working. This new way of working may come at the IT department’s expense, though. 85% of IT leaders believe permanent will put more pressure on their teams, while over a third (34%) are worried about their workers becoming stretched too far in terms of time and resource.

Phishing: The Threat of Choice

The majority of IT decision makers (82%) think that employees are at greater risk of phishing attacks when working remotely. Their concerns are valid; over three-quarters (78%) of employees said they received a phishing email while working on their personal laptop between March and July 2020, and 68% admitted to clicking a link or downloading an attachment within that email.

In fact, nearly half of companies surveyed experienced a data breach or security incident between March and July 2020, with half being caused by phishing attacks – making it the leading cause of security incidents during this period of remote working. One-third of IT decision makers also reported an increase in ransomware attacks delivered via phishing emails between March and July 2020 compared to the five months prior, while a quarter (24%) experienced a rise in vishing (voice spear phishing) attacks.

The report reveals that hackers most commonly impersonated software providers in their phishing scams, closely followed by external suppliers and healthcare organizations.

Greater Risk of Insider Threats

In addition to attacks from outsiders, 78% of IT leaders also believe their organization is at greater risk of insider threats, such as employees bringing infected devices or documents into the office or sharing sensitive information with personal accounts, should their company adopt a permanent hybrid working structure. In fact, over a quarter (27%) reported higher rates of security breaches caused by insider threats between March and July 2020.

Channels to Stay Connected

Over half of employees (57%) were more reliant on email as a channel to stay connected with colleagues while working remotely, creating a bigger opportunity for hackers to carry out phishing and impersonation attacks on email. In fact, Tessian detected over 128,000 malicious emails between March and July 2020, when most people were working remotely.

Another 57% of respondents say they rely more on instant messaging platforms to stay connected, while 68% depend more on video conferencing. With some form of remote work here to stay, hackers will continue to find ways to take advantage of the channels people most rely on to advance their scams.

“People don’t want to give up the level of flexibility they have experienced this year, and businesses must transform in order to meet their staff’s expectations,” said Tim Sadler, CEO and co-founder of Tessian. “While it is great for employees, a hybrid way of working actually offers the worst of both worlds for IT teams who have to simultaneously manage and mitigate security risks that occur both in and out of the office, while providing a seamless experience that enables employees to work-from-anywhere.

“With limited resourcing and budget, this isn’t going to be easy. But failure to do so could threaten companies’ security posture and see businesses losing out on talent. Education on the threats people could be exposed to and the threats they pose to company security is an important first step. Businesses also need to invest in solutions that alleviate the pressure on IT teams, providing them with greater visibility into employee behaviors, automating manual tasks and alerting employees to threats to prevent them from causing security incidents before they happen.”

Read Tessian report, in full, here: Securing the Future of Hybrid Working.

About the research
During August 2020, Tessian commissioned OnePoll to survey 250 IT decision makers and 2,000 working professionals: 1,000 in the US and 1,000 in the UK. Survey respondents varied in age from 18-51+, occupied various roles across departments and industries, and worked within organizations ranging in size from 2-1,000+.