A new study from OpenVPN has highlighted that the rise of the remote worker is having an adverse effect on the security of the companies they work for. One in three organizations surveyed reported that they have seen security incidents stemming from employees working outside the office.
The report pins this on several factors, including failings in training, as well as confusion about remote working policies – or a lack of them, altogether.
The benefits of remote work are great, but we can't ignore the changing security practices that come alongside the shift. Here's how it's happening and what your company can do about it.
One In Three Companies Have Seen Remote Security Incidents
A recent study from OpenVPN has found that more than one in three organizations (36%) have dealt with a security incident due to an unsecured remote worker. The findings were based on a survey of 250 IT leaders.
One in three is already a high risk, though the report doesn't clarify just how many incidents each individual operation suffered from.
Given the strong growth of remote work around the globe, workplace security has a growing issue to address. Among the businesses that had faced one of these remote security problems, 68% had experienced one within the past year.
The study's figures are sobering, and reflect that more of us are working remotely now than ever before. Around the globe, 70% of workers now work remotely at least one day a week, while 53% are remote for at least half of their work weeks. That's up from a mere 14% in 2012, and signals a huge shift in how the world works.
“There has absolutely been a growing awareness of a need for better remote worker security over the past few years, as our study shows,” OpenVPN CEO Francis Dinha tells Tech.co. “This in part stems from the growing necessity for remote work itself; it's becoming more and more common for companies to offer remote work as a perk and in fact build teams entirely remotely.”
OpenVPN is an open-source VPN protocol – it's free to connect to, though requires some technical know-how, unless you use another, paid-for VPN service to connect to the OpenVPN protocol.
We Need Smarter Remote Policies
What steps could remote workers, or the companies they work for, take to ensure better security?
On the surface, it looks like companies already have the remote security policies they need. After all, 93% have one such policy in place, and 93% offer some sort of security training to remote employees. Yet once you ask a few more questions, the cracks start to show.
One stat from the study hints at a problem area: During the last year, 24% of the businesses polled by OpenVPN reported that they had not updated their remote work security policies.
In other words, we don't need more policies. We need to be smarter about the ones we already have. Almost half of the IT leaders polled by OpenVPN only “somewhat agree” that remote employees need to adhere to remote work policies, and 44% of companies don’t let IT teams take the lead role when developing their policy.
Best Practices for Remote Security
What's the single biggest issue companies need to improve in remote security? Multi-factor authentication.
“One of the most simple and easily implemented security measures with the highest ROI for companies is to require multi-factor authentication for all users, especially remote employees,” says Dinha. “Since remote company devices are out in the open, weak passwords can be a liability; multi-factor authentication helps to strengthen identity and provide that extra layer of security.”
If your company needs to take a second look at its remote work security protocols, here's a quick list of additional problem areas that you might want to address.
- Create or review remote work policies – Just getting your policy in writing can help to ensure everyone's on the same page and aren't forgetting any essential security practices.
- Let IT take the lead – 44% of companies don't do this with their remote security policies. But, OpenVPN recommends it, saying IT will bring a “truly security-first perspective” to the table.
- Consider cybersecurity training for remote workers – 66% of companies require security training for employees, but just 23% require it more than twice a year. A quick brush-up can't hurt.
- Consider data encryption and password managers – When increasing security, better encryption and passwords are the top ways to improve. One in four employees uses the same password for everything, so, there's a lot of room for improvement.
- Consider a VPN budget – Offering full-timers an annual VPN while giving contractors a monthly stipend to cover their use of a VPN might be a simple way boost remote security.
Remote security concerns are only expected to continue growing in the near future. If you're a company with a thriving remote work culture, it's time to make sure your remote security protocols are fit for purpose.