More employees are working from home amidst the global pandemic, but a majority do so without proper training on how to ensure they can keep their organisation safe. More than half are using their personal devices to carry out work tasks, even as they believe these devices are not fully secure against advanced security threats.
And this is despite 54% of these employees believing their organisations are more likely to experience a serious cyberattack during the COVID-19 pandemic than they would before the outbreak, according to findings from CrowdStrike's 2020 Work Security Index. Conducted by YouGov, the online study polled 4,048 senior decision makers globally including 1,780 from four Asia-Pacific markets: 252 from Singapore, 526 in India, 502 from Japan, and 500 in Australia.
The report confirmed that 59% of respondents across this region now were working remotely more often than they did before due to the pandemic, with 74% in Singapore and 69% in India doing so.
Some 62% across the four markets were using their personal devices, including mobile devices and laptops, to carry out work tasks whilst working remotely, while 86% did so with a mix of both company-issued and personal devices. Some 70% in Singapore and 72% in India were using their personal devices to perform work duties, while 62% in Australia and a lower 47% in Japan did likewise.
And these employees did so whilst believing their devices were not fully secure against advanced cyber risks. Some 65% in Japan perceived their devices to be "somewhat secure" but 16% said devices they used to work from home were "not very secure" or "not secure at all".
Some 54% of their Australian counterparts felt these devices were "somewhat secure", while 7% believed they were "not very secure" or "not secure at all".
In Singapore, 12% said devices they used to work from home were not very secure or not at all secured, while 56% described these as somewhat secure against advanced cyber threats.
In comparison, Indian employees were an optimistic lot, with 58% believing the devices they used to work from home to be "very secure" against advanced cyber risks. They would need to hold on to this belief since 61% felt their organisations were more likely to experience a serious cyber attack during the COVID-19 pandemic than they did before the outbreak.
This figure was the highest amongst the four Asia-Pacific markets, where 57% in Japan, 49% in Singapore, and 47% in Australia believed their company would likely come under a serious cyber attack during the pandemic. These numbers also were higher than the 41% in the US and 32% in the UK.
However, across Asia-Pacific, 45% said their organisation did not provide employees with additional training on dealing with cybersecurity risks associated with working from home. Some 60% in Japan said they did not receive extra training, while 48% in Australia, 40% in Singapore, and 36% in India said likewise.
CrowdStrike's Asia-Pacific Japan vice president of engineering Sherif El Nabawi said: "With telecommuting still highly encouraged despite the easing of various countries' lockdown measures, unresolved cybersecurity risks from the initial shift to remote work will be carried forward and continue to present more opportunities for cyber adversaries."
He noted that employees who tapped their own devices to conduct work tasks brought increased risks, as compromised personal devices could jeopardise their company's network. "These include employees inadvertently introducing malicious code when they move work-related files and documents between personal and corporate devices and networks," Nabawi said. "Personal or home internet connections are also more vulnerable to threat activity, making remote workers a potential threat to sensitive company information."
"Organisations must, therefore, update their cybersecurity policies to factor in remote working. This includes planning for the use of personal devices, secure access for BYOD (Bring-Your-Own-Device) on corporate networks, and leveraging VPNs (virtual private networks) to protect sensitive data accessed through insecure Wi-Fi."
He urged companies to minimise their exposure by ensuring their employees were aware of cyber threats associated with remote work and the importance of maintaining their cyber hygiene. He added that organisations should be prepared with crisis management and incident response plans that could be quickly executed, remotely.