Skip to Main Content

A third of cyber attacks exploit unsecure remote working

Report claims business leaders are failing to educate employees about cyber security risks

A third of all UK businesses have suffered cyber attacks as a direct result of its employees working remotely, according to new research from CybSafe.

The research from the cyber security and data analytics firm suggests that, despite a rise in the number of people working remotely, businesses aren't adapting their security practices or policies to account for it. A quarter of survey respondents have not implemented basic security precautions, such as installing antivirus software, and 30% don't have any measures in place to restrict files access.

In a survey commissioned by CybSafe, 80% of all UK businesses have seen a rise in remote working over the past 2 years, which echoes a 2016 report by the Trades Union Congress (TUC) which found a 19% rise in nationwide remote working in the past decade.

Of those businesses surveyed, 32% said they had suffered a cyber attack in the past 12 months as a direct result of an employee working remotely and outside of the organisation's security perimeter.

"While remote working has the potential to be hugely beneficial to businesses, the threat of related data breaches is being seriously underestimated," said Oz Alashe, CEO and founder of CybSafe. "Most business leaders assume that their people know how to work safely when working remotely – but the number of data breaches caused by staff working remotely and the lack of training indicates that this isn't the case."

The research suggests that the key decision makers in businesses are overconfident when it comes to remote working, with three-quarters of survey respondents believing their employees had enough knowledge of the risks of telecommuting. It was also found that only half of those surveyed had offered any kind of formal security training to employees.

Alashe argues that firms "need to properly recognise the security challenges of the mobile professional and take a proactive approach.

"Training staff so they recognise and deal with threats at work, on the go, and at home [is] important."

Part of the problem is that many people work remotely even when they spend most of the time in the office, even if they don't realise it.

"We work on the train, in coffee shops, and even walking down the street. The way we work as a nation has changed dramatically over the course of just a decade," said Alashe. "How businesses manage cyber security and training must reflect our lifestyles, and help us develop good habits so we can avoid becoming victims."

This shouldn't come as news to business leaders anyway, back in 2008 we reported on similar research which showed that 92% of surveyed employees were accessing business-sensitive information remotely at least once in a six-month period. It was claimed that this has led remote working to be the most vulnerable part of network security.