Remote Workforce Cybersecurity Concerns Hit New High

Results of the 2021 Unisys Security Index are in, and they point to a high level of stress concerning rising cybercrime. 62% of global respondents are seriously concerned about identity fraud, up 5% from 2020. Also, 60% are concerned about bank card fraud, up 4% from 2020. Findings also show a lack of awareness when it comes to specific attack types and prevention methods — most users are unaware of modern attacks and scams, such as SIM jacking, PAC fraud, and SMS phishing.

Throughout the pandemic, we have noticed a particular uptick in cybersecurity threats. For example, a Salt Labs report found malicious API traffic rose about 350% over six months in 2021. The pandemic also ushered in remote work, creating a new dilemma for CISOs in how they balance security and productivity with a house-bound workforce. Those working in remote environments with little security awareness could not only put themselves at risk but place their teammates and employers at risk too. More often than not, distributed employees use software unsanctioned by IT, and expect autonomy with little to no monitoring of their technological use.

Conducted 18 months into the pandemic, the global 2021 Unisys Security Index™ surveyed 11,000 people on consumer security and privacy concerns. It also sheds light on employee preferences regarding IT control over remote work. Below, I’ll review the key takeaways from the report and consider how organizations can mitigate these realities to help retain a stable hybrid business.

Mounting Concerns Over Digital Fraud

In our climate of increasing cyberattacks and scams, nearly all users have had a run-in with malicious behavior at some point in time. As such, 57% of respondents are seriously concerned about hacking and viruses, a six-point increase from 2020. Studies show that cloud-delivered malware, such as infected Office Doc downloads, is surprisingly still as rampant as ever.

61% say they are wary of clicking on links in a text message, email, or social application. These fears are justified, as phishing attacks account for more than 80% of reported security incidents. For example, in recent weeks, a major phishing scam known as the “hours to make” con has gone viral on social media messaging, tricking users into divulging account information. Account takeover can be detrimental for high-value profiles and lead to pricey demands to regain access.

51% of respondents say they are seriously concerned about online shopping. Sites that process payments may store personal financial information, a hot target for data exfiltration. Access to sensitive information such as credit card numbers could be used to steal a user's identity; thus, online spaces that accept transactions are especially prone to attack.

Security Repercussions of Remote Work

Many of the new hybrid and fully remote work environments are here to stay, and management realizes the benefits of this change. 83% of employers find that the shift to remote work has been successful for their company, says the report. However, these advances do bring unintended consequences around security and data privacy.

The most apparent result is a lack of control around provisioning new software for company-issued and personal devices. 45% of employees say they have utilized non-company authorized software. This encompasses mobile, PC, and cloud-based tools. When asked why, 42% say they use the tools for personal life, and 42% say the tools are better than those provided by their company. 38% also said they downloaded unapproved tools simply because they needed them to do their job.

“This highlights the extent to which users are looking for consumer-friendly services and apps, including at work,” said Leon Sayers, director of Advisory at Unisys Asia Pacific. “And sometimes, the business apps just don’t cut it.”

In the new remote work era, installing unapproved third-party software on work devices poses inherent security risks that arguably go beyond the pre-pandemic Bring-Your-Own-Device (BYOD) concerns. Yet, too much oversight here would harm the employee experience, since most employees are not interested in allowing their company to monitor their activities.

Among monitoring activities, 40% are OK with employers monitoring login and logout times. But acceptance drops sharply for screen monitoring and microphone monitoring. Only 28% are OK with webcam monitoring during video conferencing, and only 27% are OK with web browser monitoring.

Remote workers expect autonomy and respect. They are similarly apprehensive about sharing personal data such as medical history and location data. Of these personal data statistics, the highest approval rate was for vaccination status. 53% are open to sharing vaccination status to ensure a safe and healthy working environment.

Employees Lack Mobile Security Awareness

Throughout the pandemic, workday mobile usage climbed. Mobile devices are becoming a more frequent attack target, yet employees are largely unaware of the modern mobile attack types. For example, 76% are unaware of SIM jacking or PAC fraud, when a scammer can access your phone from theirs. And 56% say they are unfamiliar with the threat of SMS phishing. Social engineering tactics often pose as trusted authorities over SMS to steal credentials.

“It’s likely that most haven’t thought about the security risks of ad-hoc and personally-preferred software and applications. What began as BYOD (personally-preferred devices like iPhones) has grown into the apps, services, social and gaming environments,” said Gene Chao, senior vice president and general manager, Enterprise Computing Solutions and Cybersecurity Solutions, Unisys. “But as nearly half of employees download unauthorized tools and software as our personal and professional lives weave into each other, it means that malware or viruses can enter work networks, oftentimes with little or no record of a breach. That’s a big problem.”

With advances in computing power and more frequent usage of mobile devices for things like multi-factor authentication, users have become accustomed to shifting more credentials and company account access to mobile. And compromised mobile devices could easily offer hackers a doorway to internal networks. Though 54% of employees are just as careful on mobile devices as on PCs, it still leaves a hefty percentage of users seemingly less aware of mobile threats.

Another report recently found that nearly 80% of employees lack confidence in their company’s cybersecurity posture. While this will likely influence a greater security investment into the coming year, interestingly, the majority of remote employees don’t hold their company liable for cybersecurity. 62% consider it their own responsibility to keep their personal data safe and secure while working from home.

Reversing Insecure Cultures

The consumerization of IT has made technology more pervasive, intertwining our digital personal and work lives. Yet, unfortunately, secure design is not the norm in most organizations.

An Invicti study recently found that 45% of development teams frequently complete projects without carrying out all the necessary security steps. Lacking an apparent security culture can naturally lead to less secure software development. But it can also limit overall security awareness and stunt remediation. 76% of employees do not know where to report scams if they were to be victimized, found the Unisys study.

It’s clear that to advance security, more knowledge sharing is required. In addition, Unisys recommends the following steps:

  1. Balance security with a positive employee digital experience
  2. Protect the clouds
  3. Use transparency to build trust
  4. Build security controls into your network
  5. Increased security training

The 2021 Unisys Security Index™ is a 15-year-running snapshot of consumer security concerns conducted globally. To view the complete 2021 report, check it out here. The full report expands on the data presented in this article and showcases granular regional and age differences.