Data security needs to be taken more seriously at a time when the list of possible risks is oversaturated, given that many of us are working remotely. With 1 in 3 UK workers currently based exclusively at home (the same level as in the US), remote working on a large scale consistently proves to be a difficult area for the IT and cybersecurity bosses of companies large and small around the world. Studies have shown that many firms are not taking the issue as seriously as they should.
According to a recent survey by legal firm Hayes Connor Solicitors, one in five UK home workers has received no training on cyber-security. Another finding was that 2 out of 3 employees who printed potentially sensitive work documents at home admitted to putting the papers in their bins without shredding them first.
A year on, we are still facing cyberattacks remotely, and there is cyber breach fatigue: after so many major breaches, a sense of complacency has taken hold. This comes as no surprise because, according to the Privacy Rights Clearinghouse, 9,033 data breaches have been made public since 2005, or about 1.77 breaches a day, on average.
The idea of breach fatigue among consumers has been widely discussed, but it exists within organisations and businesses as well. It presents a clear issue, as stressed employees are behind 4 in 10 data breaches, and a separate UK study last year found that cyber managers believe that remote workers will expose their firm to the risk of a data breach.
Employees and leaders who experience breach fatigue can leave an organisation open to insider threats, ineffective security strategies, and other vulnerabilities. Christine Sabino, senior associate at Hayes Connor, says: “In the rush and panic to set remote working practices up, even simple data protection practices were ignored. Companies did not provide additional security relating to computers, electronic communication, phone communication.”
Ted Harrington, a San Diego-based cyber-security specialist and author of Hackable: How To Do Application Security Right, says firms should have started by giving all home workers a dedicated work laptop. While many larger companies may well have done this, not all smaller firms necessarily have the resources to do so, but Mr Harrington emphasises the importance of doing so. He advises that organisations should supply staff with laptops and other equipment, for instance shredders, that are owned, controlled and configured by the company. Doing this alleviates the burden on your people to set things up right, and ensures that employees follow the security protocols the company wants and needs.
Sam Grubb, an Arkansas-based cyber-security consultant and author of the forthcoming book ‘How Cybersecurity Really Works’, says that employees should not be using their personal computers for work-based duties. He states that “the main problem with using your own computer to do work is that you are not limited in what you can do on it, nor are you necessarily the only one that uses it”.
“This makes it much easier for malware or other attacks to happen. This might affect the work you are doing, or in a worst-case scenario, lead to the compromise of co-workers’ devices, or other company devices such as servers.”
Mr Harrington says the next step is for companies to set up a VPN, or virtual private network, so that remote computers have secure and encrypted connections with the firm’s servers and everyone else in the company.
Even when organisations take the correct steps, such as putting work laptops, VPNs, and the latest cyber-security software systems in place, staff can still make damaging mistakes, such as falling prey to a phishing email.
Currently, there are numerous scam emails circulating in which the senders pretend to inform the targeted person that they have been exposed to Covid-19, or that they have been invited to have the vaccine. They ask the recipient to click on a link, which then tries to download malware onto the targeted computing system.
Based on these findings, employees need to receive up-to-date cyber-security training on the threats that the business may face. If cyber-attacks and data breaches occur, employees must know whom to contact, and that their outreach is welcome and won’t result in termination.