Security Fridays Week 25
Chris Cassell, 21/01/2021, Industry News
Remote working, data breaches and the need for employee education
I’ll start by saying I think the title of this particular article is a little unfair: “Two-Thirds of Employees Don’t Consider Security Whilst Home Working” suggests that it’s the employees’ fault and that they are ignoring threats. I’d suggest that, given the suddenness with which home working was thrust upon most people and the fact that a lot of companies were unprepared for the mass migration of their users to a home working environment, it’s much more likely that two-thirds of employees haven’t been trained in security in the home workplace. Well, it’s likely more than that, and those who said they did consider all the angles were fibbing slightly.
However we got to this point, it’s a fact that a lot of home users don’t consider the additional factors of security in their home environment. In fact, because most people are used to switching to a different mental mode when they enter a workplace and reverting to a feeling of safety at home, it’s likely they forget to consider a number of the rules they used to follow in the office.
I expect that a lot of this was just regarded as acceptable at first because people thought this was a temporary situation and we’d all be back to the old ways. As that’s not happening, it’s time that education started to take over again. This is the way things are for the foreseeable future, and people need educating to make sense of it. Most of the issues raised aren’t anything new, though; they just need reinforcing, and a lot of them are good for making the user’s home life more secure as well. No one should be using unsecured Wi-Fi any more, for example, in or out of work time.
Considerably more troubling in this article is the fact that 17% of people admit to wilfully breaking NDAs by discussing sensitive material with friends and family. That speaks to a desperate need to reinforce awareness of the damage that leaks can cause to businesses and the cost to employees in the form of lost jobs.
Realistically, there’s only one thing that’s needed to fix this: education. Organisations need to change their security policies to account for working from home, and they need to train people through a variety of channels, including re-certification on policies, webinars and, most likely, a few tests to make sure it’s sunk in. Like all training, it should be periodically repeated as well.
Read the article that was analysed here: https://www.infosecurity-magazine.com/news/two-thirds-employees-security-home/