Microsoft Research Reveals Top Digital Security Concerns Amongst Employers and Remote Workers

New research commissioned by Microsoft Ireland reveals that just over one in four (26%) remote workers have experienced a cyber-attack personally, while 45% of employers have asked their employees to use their personal devices for work since the start of the pandemic.

Conducted by Amárach Research, the study surveyed 500 employees and 200 business decision-makers in September 2020 about remote working, digital security behaviours, and the concerns they now face.

This follows on from Microsoft research earlier this year which looked at cyber threats to public and private organisations.  It also updates previous studies conducted by Microsoft in 2018 and 2019, but with an additional focus on the security impact of COVID-19, work-related practises now and in future. That research showed that nearly a quarter of organisations employing over 500 staff did not put any restrictions on employees access when working from home. However, in similar research in 2019, nearly half (49%) of those working from home at least once a week used their personal email account for saving, editing, sending, or sharing work-related documents – 24% reveal that they accidentally shared work-related material with friends and family.

Retrofitting Cybersecurity

The accelerated transition to homeworking is placing pressure on organisations to support the unavoidable blending of personal and professional lives more than ever before. However, this naturally creates new risks, including an increased risk of cyber-attacks. This was reflected in the research which showed that only 17% of remote workers currently believe that the software and technology provided has done enough to protect their data.

This could be in some way due to the pace at which employers had to transition to remote working environments, with 36% of employers admitting they have spent the past few months putting in place the security, privacy, and workplace procedures required for today’s remote working world.

Remote Workers’ Information Protection Concerns

76% of workers were surprised with how well they had adapted to remote working. However, one in five employees feels their data is more vulnerable when working from home due to the absence of regular IT supports. In fact, one in five employees feels their data is more vulnerable when working from home in the absence of normal IT supports.

The research points to some potentially dangerous cybersecurity issues amongst remote workers:

• Personal emails: 30% of workers still use personal email accounts to share confidential work materials.
• Poor Password Hygiene: One-third of workers use the same password to log into work and personal devices.
• Unregulated access: Nearly half (43%) face/navigate no security restrictions when accessing work-related documents and materials remotely.

Employers’ Security Management Concerns

One of the most concerning findings is that organisations are potentially side-stepping their own security procedures in the name of expediency:

• Reactive approach: One-third of employers acknowledge they are exposed since they had to make remote-working decisions and transitions so quickly.
• Lack of devices: 45% of employers have had to ask their employees to use their personal devices for work purposes since the start of the pandemic.
• No remote BYOD policies: 42% of employers are yet to secure those remote employee’s personal devices.

Furthermore, 41% of employers acknowledge it has become increasingly difficult to remain GDPR compliant because of the pandemic.

Evolving threat

These concerns are borne out in Microsoft’s most recent global Digital Defence Report, published in September 2020. The report identified an escalation in both the level and sophistication of attacks. For example:

• Microsoft blocked over 13bn malicious and suspicious emails, out of which more than 1bn were URLs set up for the explicit purpose of phishing credential attacks in 2019.
• Ransomware is the most common reason behind Microsoft’s incident response engagements from October 2019 through July 2020.
• The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware, and virtual private network (VPN) exploits.
• Internet of Things (IoT) threats are constantly expanding and evolving. The first half of 2020 saw an approximate 35% increase in total attack volume compared to the second half of 2019.

Des Ryan, Solutions Director for Microsoft Ireland, said: “Cyber hackers are opportunistic, skilled, and relentless. They have become adept at evolving their techniques to increase success rates, whether by experimenting with different phishing lures, adjusting the types of attacks they execute or finding new ways to hide their work. While our physical work locations may have changed, our responsibilities in protecting organisational data and complying to data regulations have not.  Now is the time to address this with increased investment in cybersecurity, secure devices, tighter policies, increased support, and education for employees so they can play an important role in not only protecting themselves but also their organisations.” 

Cloud-based Services and hybrid working

When asked about the future, 58%  believe they will have a ‘hybrid workforce’ in future as more staff work from home more of the time and others are in the office. Over half (57%) felt more positive about using cloud-based services, including productivity tools.

Remote Priorities: training, support and investment

However, the research shows that Irish organisations understand there is a gap with 41% admitting they are behind the curve when it comes to having the right digital services and technologies in place to deal with new working realities.

As a result of the move to remote working, employers are focused on investment in digital security. The research found:

• 38% of organisations have already increased the level and detail of cybersecurity training for staff who are working from home.
• A further 52% will prioritise investing in training in 2021.
• 44% of workers would also welcome alternatives to passwords, with biometric verification (fingerprint or facial recognition) being the most popular options._______________________________________________________

More about Irish Tech News and Business Showcase here.
FYI the ROI for you is => Irish Tech News now gets over 1.5 million monthly views, and up to 900k monthly unique visitors, from over 160 countries. We have over 860,000 relevant followers on Twitter on our various accounts & were recently described as Ireland’s leading online tech news site and Ireland’s answer to TechCrunch, so we can offer you a good audience!

Since introducing desktop notifications a short time ago, which notify readers directly in their browser of new articles being published, over 50,000 people have now signed up to receive them ensuring they are instantly kept up to date on all our latest content. Desktop notifications offer a unique method of serving content directly to verified readers and bypass the issue of content getting lost in people’s crowded news feeds.

Drop us a line if you want to be featured, guest post, suggest a possible interview or just let us know what you would like to see more of in our future articles. We’re always open to new and interesting suggestions for informative and different articles.

Contact us, by email, twitter or whatever social media works for you and hopefully, we can share your story too and reach our global audience. We are agile, responsive, quick and talented, we look forward to working with you!

If you would like to have your company featured in the Irish Tech News Business Showcase, get in contact with us at Simon@IrishTechNews.ie or on Twitter: @SimonCocking