Recent study shows increased breaches in cybersecurity led nearly 40% of UK business decision makers to dismiss staff members since the start of the pandemic
By Andy Heather, VP and managing director – EMEA, Centrify
A recent study of U.K.-based IT security professionals unveiled that 39% of local business decision-makers have admitted to dismissing staff members due to a breach of company cybersecurity policy since the start of the COVID-19 outbreak.
In addition, two-thirds (65%) of companies have made substantial changes to their cybersecurity policy in response to the pandemic and forced remote work shift. Despite this, 58% agreed that employees are more likely to try and circumvent company security practices when working from home – indicating a fundamental flaw in the execution of security measures in a remote-working model.
In addition, 46% of those surveyed have already noted an increase of phishing attacks since implementing a policy of widespread remote working.
Work-from-home Security Trends
In an effort to combat poor security practices from employees, 57% of business decision-makers revealed that they are currently implementing more measures to securely authenticate employees. Such measures include biometric data checks, such as fingerprint and facial recognition technology, and other multi-factor authentication steps when gaining access to certain applications, files, and accounts.
In addition, more than two-thirds (70%) of British businesses are using multi-factor authentication (MFA) and a virtual private network (VPN) to manage the security risks posed by the increase of remote work.
Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more known identity confirmations (such as a password and a code texted to their known phone number, a hardware key, and biometric confirmation like a fingerprint scan, etc.). A VPN, on the other hand, extends a private network across a public network, allowing internet users to protect their location and stay anonymous.
Finally, more than half (55%) of businesses already have, or plan to formally ban staff from using personal devices to work from home.
Many Businesses Skeptical About Increased Security Protocols
Despite the cybersecurity policy issues and threat increases, 43% of individuals believe upping cybersecurity protocols for remote workers will have a negative impact on workplace productivity. Similarly, almost half of the individuals (49%) preferred to remove extra authentication steps for basic apps and data in the workplace, as they felt it adds unnecessary time to procedures.
A Potential Compromise
As a potential alternative or middle ground, 60% of U.K. businesses claim to support biometric data – such as fingerprint or facial recognition identification factors supported by the FIDO2 specification for passwordless authentication – as a suitable replacement to more time-intensive multi-factor authentication to increase productivity. Furthermore, two-thirds (66%) agree that they would feel more secure using fingerprint or facial recognition ID as opposed to a traditional password.
What Does the Data Tell Us?
It’s clear that businesses recognize the risks posed by increased remote working during this difficult time, with the majority opting for multi-factor authentication solutions to verify every user and protect company data. What’s troubling is the other 30% who are not using MFA, which is a security best practice.
Every organization wants to ensure productivity for remote workers, but it cannot come at the expense of proper security. They need to weigh the risks they are facing with these heightened threats very carefully and take any and all measures available to ensure access is granted only to authentic users.
This is especially important for privileged access by IT administrators, many of whom are outsourced third parties with broad entitlements and less restrictive controls. It’s worth requiring the extra few seconds for these users to properly authenticate their identities. As the data indicates, many organizations are looking at more modern factors of authentication such as biometrics that can both increase security and productivity.
We are the Weakest Links
With more people than ever working from home and left to their own devices, it’s inevitable that some will find security workarounds, such as using personal laptops and not changing passwords, in order to maximize productivity. It’s also possible that the changes in security procedures are not being communicated well to employees, and many are practicing unsafe internet usage without even realizing it.
The reality is the weakest link in any organization continues to be the human element. Combatting this issue starts from the top. CIOs and business decision-makers must implement strict and transparent, cloud-enabled, and identity-centric security solutions. This will allow companies to quickly and safely deploy scalable security privileged access management measures, which make it impossible for an employee to access company networks, applications, and data unless they are following correct procedures.
About the Author
Andy is the VP and managing director – EMEA at Centrify. He has over 25 years of IT experience in sales, sales management, engineering, and professional services. At HP Andy was responsible for leading the EMEA sales organization for HP Data security. Previously Andy was VP Sales for EMEA at Voltage Security and has held a number of senior sales management roles at Tripwire, Affiniti, Opsware, NetApp, Sun Microsystems, IBM and HP. Andy can be reached at our company website https://www.centrify.com.