CDSA

IBM Security: New Work-From Employees Pose Security Risk

Before COVID-19 sent employees out of offices and into their homes to get work done, roughly four out of five workers had either rarely worked from home or not at all before the pandemic. And more than half of those continuing to work from home are doing so with no new security policies in place.

Those are the concerning findings out of a new IBM Security study, which sees this massive shift to working from home exposing employees — and their companies — to new security risks, with nearly 50% of at-home employees saying they’re worried about cyberthreats in their home offices.

The “IBM Security Work from Home Survey” surveyed more than 2,000 newly remote-working Americans, with a vast majority of those saying they’ll continue working from home through the rest of the year, with companies continuing to play catch-up in managing security risks of rushed remote-work models.

“Organizations need to use a risk-based approach with work-from-home models, then reassess and build from the ground up,” said Charles Henderson, global partner and head of IBM X-Force Red. “Working from home is going to be a long-lasting reality within many organizations, and the security assumptions we once relied on in our traditional offices may not be enough as our workforce transitions to new, less controlled surroundings.”

The survey results will see IBM Security expand its security testing practice to help companies identify security issues for remote workers, covering systems that may risk exposure of intellectual property, client and employee data, collaboration tools, and file sharing platforms, Henderson added.

The report found optimism among new work-from-home employees, with 93% saying they were confident in their company’s ability to keep personally identifiable information secure. However, 52% of respondents said they were using their personal laptops for work, usually with no security tools, and 45% said they haven’t received any new training.

More than 50% of respondents said they’re unaware of any new company policies related to customer data handling, password management and other sensitive security data areas.