Three-in-four (73%) employees working from home have not yet received any specific cybersecurity awareness guidance or training to keep themselves secure from risks, a report published by cybersecurity multinational Kaspersky shows.
While it can be more difficult to control the security of corporate information technology (IT) and data remotely, threats remain, the firm points out.
For example, 27% employees say they have received phishing emails related to Covid-19. To avoid such risks, it is important for organisations to educate staff about cybersecurity.
With a massive shift to employees working from home, it is important for businesses to ensure their staff are able to work as they usually would. Keeping employees protected becomes a challenging task, as it takes a lot of resources to enable secure access to services staff regularly need to carry out their jobs well, Kaspersky states.
Establishing effective cybersecurity measures is, therefore, critical, as remote working may also bring new risks such as increased spam and phishing attacks, connecting to compromised WiFi spots or the use of shadow IT (non-endorsed IT resources and tools) by employees, the company highlights.
A survey of 6 000 workers around the world has shown that employers may not be explaining to their employees how to avoid becoming victims of these risks. Many employees have also increased the use of online services for work that were not approved by their IT departments, known as shadow IT, such as video conferencing (70%), instant messengers (60%) or file storage services (53%).
“It is hard to keep things ‘business as usual’ when everything needs to change so dramatically. While employees are trying to get along with the new reality of working from home, IT and cybersecurity teams are under pressure to enable them to continue working safely. Cyber-incidents can only add difficulties to this challenge, so it is important to remain vigilant and ensure remote working is also secure working,” comments Kaspersky senior product marketing manager Andrey Dankevich.
Kaspersky recommends that businesses enable secure remote working for their employees by ensuring their employees know who to contact if they face an IT or security issue.
"Pay special attention to employees that have to work from personal devices – provide them with dedicated policy and security recommendations. Business should also schedule basic security awareness training for employees. This can be done online and should cover essential practices, such as account and password management, email security, endpoint security and Web browsing," says Dankevich.
Additionally, the company advises businesses to take key data-protection measures to safeguard corporate data and devices, including switching on password protection, encrypting work devices and ensuring data is backed up, as well as ensuring that devices, software, applications and services are kept updated with the latest patches.
Business should also install proven protection software on all endpoints, including mobile devices, as it helps to ensure that only approved online services are used for work purposes to reduce the risks of shadow IT.