A specialist in endpoint and cloud security, today released its new report, The State of Remote Work Security. The company's goal is to educate IT and security leaders about the growing threats associated with telecommuting (remote work) and BYOD (bring your own device) policies.
The results of the study make it clear that in remote and hybrid work, private and professional tasks are merging and the boundaries between the two areas have become more permeable. Lookout data shows that 32 percent of remote and hybrid workers use apps or software that aren't approved by IT. 92 percent of teleworkers complete work tasks on their personal tablet or smartphone devices. These devices, apps and software, as well as the corporate data being accessed, are not visible to the IT department, dramatically increasing the risk for organizations. Lookout released the study report today on the first-ever Lookout World Cloud Security Day.
The modern office outside the security perimeter
The cloud has become an important backbone for most businesses. In 2020, 61 percent of US organizations had moved their workloads to the cloud - prompted by the global pandemic and the need to quickly support remote work. In 2022, 60 percent of all company data will be stored in the cloud.[1]
While remote employee access to corporate data in the cloud offers flexibility and potential productivity gains, it can also increase risk for organizations when combined with BYOD. Because these devices are unlikely to be managed by IT, organizations have little visibility into the devices or control over potential threats. This applies to vulnerabilities in the operating system and apps, as well as the types of apps that have access to company data or phishing attempts. As organizations continue to move their applications to the cloud, IT no longer needs to just grant access to users based on device health. Instead, it must address how to extend access control policies to ensure the secure use of corporate data stored in those applications.
Remote workers and data security
The additional results of the study show that the following behaviors of remote workers pose an increased data security risk for companies:
- 90 percent access corporate networks from locations other than where they live, an average of five different locations. This poses security risks as corporate data could be exposed across multiple networks that are not monitored by the IT department.
- 46 percent have a work file stored on their personal device instead of their employer's network drive. Personal device operating systems are far more likely to be outdated, which means they are not protected against the latest security vulnerabilities and malware.
- Almost one in three Teleworkers use their personal tablet or smartphone more than 20 hours a week for work. Personal devices often host dozens of unauthorized apps that malicious actors can use to launch phishing attacks.
- 45 percent use the same password for work and personal accounts. Due to password reuse, a user's accounts are vulnerable to cybercriminals. This increases the risk of identity theft and sensitive data being stolen from the company.
All of these behaviors show that organizations need a whole new approach to security that keeps up with the way remote users access data and collaborate with one another.
Increasing the attack surface for businesses
"The rise of remote working has brought more choices and flexibility for many people, but unfortunately also a massive increase in the attack surface for businesses," said Sundaram Lakshmanan, Lookout's chief technology officer. “IT teams most of the time have no control over the networks their employees connect from, exponentially exposing both users and corporate data to internal and external threats. Lookout provides tools that enable organizations to protect their users and devices while enforcing adaptive security policies. This allows organizations to protect access to data stored in those business applications from both internal and external threats. This is the motivation behind Lookout World Cloud Security Day – managing this shift is essential for any organization with a fully decentralized or hybrid work environment.”
More at Lookout.com
About Lookout Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.