A report by Sectigo looks at how companies have modified their cybersecurity, compliance and digital identity practices for our suddenly evolved workspaces. Tim Callan, Senior Fellow, Sectigo explains how working from home has changed the cybersecurity landscape.
COVID-19 and the ‘new business normal’ has transformed enterprise IT and cybersecurity practices more than any other event in the last decade.
Until very recently, many IT departments could rely on the fact that employees were primarily accessing sensitive data and systems from company-controlled computers using bespoke network access points like on-premises Wi-Fi. But the global pandemic forced IT workers to work from home almost instantly, necessitating the immediate setup of secure remote access to systems and data for a previously unimagined number of people.
This massive shift to work from home (WFH) has forced companies to examine and often update how they control and monitor access for remote workers and devices. To assess this changing security landscape, Sectigo carried out the 2020 Work from Home IT Impact Study, which looks at how companies have modified their cybersecurity, compliance and digital identity practices for our suddenly evolved workspaces. The survey, conducted by Wakefield Research, polled 500 IT professionals at companies with at least 1,000 employees in the UK, US, Canada, Germany, France and Ireland. The sample included a statistically significant number of UK-based IT professionals, which gives us the opportunity to zero in on effects in the United Kingdom.
Though the transition was stressful for many companies, the research shows that the sudden wave of remote workers actually strengthened employee productivity and overall IT security for the long term, setting companies up for increased remote work in the future.
Positive effects on productivity
We all know the sole driver for wide scale WFH was to keep employees productive while protecting them from the spread of COVID-19. Nonetheless, the data show that this change drove significant enhancements to companies’ overall performance. Though nearly two thirds (62%) of companies did not start out with the ability to enable ubiquitous employee WFH, 62% managed to get their employees fully set up within one week. To do so, 36% made rapid investments in systems, while 21% made use of existing systems that they already owned.
More than half (53%) of UK survey respondents report that employee productivity increased as a result of widespread WFH, while only 12% feel that productivity decreased. Those of us who already were members of the remote workforce understand why: the ability to cut out distractions and focus on important work, the removal of long commutes that drain both time and energy and more flexible work hours that fit into other aspects of our lives are big contributors. This research confirms that for a large portion of desk workers these same patterns hold true.
In fact, globally among C-level executives, the statistics are even more compelling, with 63% stating that productivity has increased. Seventy-three percent of UK respondents further state that the move from home increased their overall data security practices. Perhaps it is no surprise, therefore, that 65% of UK respondents professionals expect their employees to work from home in greater numbers even after the pandemic is over.
Transitional consequences and a paradox of postures
The benefits of widespread remote work, however, comes at a cost. Thirty-six percent of UK companies had to delay revenue generating activities for at least a month as they shifted IT focus to enabling secure WFH, and 45% had to delay cybersecurity initiatives for a month or more for the same reason. These delays have real impact. Loss of revenue is perhaps the most easily apparent consequence, but the delay of cybersecurity initiatives could mean the difference between a breach occurring or not, potentially outweighing the cost of lost revenue many times over.
Although IT executives report feeling that overall security has increased, the research reveals important risk areas that still remain. New attacks like Zoom-bombing have made plenty of headlines, but IT professionals are paying greater attention to more traditional threats like phishing and other malicious emails (47% of respondents concerned, as opposed to only 33% for Zoom bombing). Nonetheless, a mere 12% of UK companies are using S/MIME certificates to identify and encrypt email; below the global average of 17%.
Nearly half of UK IT professionals also worry about the security of employees’ home Wi-Fi networks (48%), and more than a quarter express concern about employees’ use of unknown personal computers or mobile devices (27%). Perhaps more worrying is the continued use of outdated, weak or inefficient user authentication methods. Strong, modern authentication technologies such as user identity certificates (58%) and biometrics (26%) see less use than problematic authentication schemes, such as simple username and password (74%) and hardware tokens (68%).
Despite these clear vulnerabilities, two thirds of UK IT professionals believe their companies are investing ‘the right amount’ in cybersecurity today, with a surprising 21% opining that their companies are spending ‘too much’. Fortunately, 95% expect to undertake additional measures in the next twelve months to improve security and Business Continuity. More than half expect that by the time workers are able to return to the office that data and application security will have increased over what they were before COVID-19 struck.
The big picture revealed by this research is that UK companies on the whole have effectively enabled WFH and have taken advantage of that initiative to improve their productivity and security. However, we still have a way to go. As they work through their initial projects to optimise remote work, IT pros need to continue improving their use of secure user authentication technology lest they remain exposed to malicious intrusions through their widespread WFH practices.Click below to share this article