The data came from a study entitled “Beyond Borders: The Future of Cybersecurity in the New World of Work,” which included more than 1,300 leaders and security executives in addition to remote employees, including 104* participants from Saudi Arabia. When leaders and security officials were asked how confident they are that employees will take adequate measures to protect the organization, 47 percent of them said they were very confident or completely confident. However, talking to remote employees showed different results.
In their response to a question about what is important to them, 85 percent of remote employees said that protecting customer data was new or somewhat important, while 54 percent said they use personal devices to access that information. It is similar to protecting an organization’s intellectual property, with 68 percent of remote employees saying it is important, while 20 percent use personal devices to access it. In fact, only 47 percent of remote workers said that they consistently follow the procedures and measures that ensure the protection of the organization’s data, intellectual property and systems when working from home.
In more detail, only 11 percent of remote workers said they strictly follow guidelines from the organization that prohibit access to systems and data using personal devices. Perhaps most worryingly, 34% of employees said they would ignore or circumvent their organization’s cybersecurity policies if necessary, while 21% said one of the challenges they face is the lack of clarity in their organization’s security policies and practices.
“Employees are looking for the flexibility to work from anywhere, but the real challenge is how to do it securely,” said David Cummins, Vice President EMEA at Tenable. “This study confirms our suspicions, as remote workers are dealing with sensitive corporate information from Their personal devices and unsecured home networks, whether they should or not.Security teams must accept this reality and change their perception of risk, they need to see the entire threat landscape and provide investigative information about the cyber threats that will have the greatest business impact on the organization. They will also have to apply risk criteria that differ from user to user so that they can monitor and verify every attempt to access corporate data, with the ability to reject requests that do not meet the established rules.”