IBM Security: Cyber Threats High for Those New to Working from Home

Those new to working from home face escalating security threats with little in place to stop them.

That’s according to IBM Security‘s latest study focused on the behaviors and security risks of those new to working from home during the COVID-19 pandemic. The survey includes responses from more than 2,000 newly working remotely Americans.

More than 80% of respondents either rarely worked from home or not at all prior to the pandemic. As a result, more than half now do so with no new security policies to help guide them.

This shift has left nearly 50% of those employees worried about impending cyber threats in their new home office settings.

Charles Henderson is global partner and head of X-Force Red at IBM. He said what’s most surprising is employees’ confidence in their employers’ ability to handle secure remote workforces.

IBM’s Charles Henderson

“For example, 93% are confident their employer can secure sensitive data remotely,” he said. “But this paints a different picture when you consider the 52% that say they’re using their own laptops for work, with no tools to secure them, in addition to the 45% who haven’t received any new work from [home] training. Even more concerning, more than half aren’t concerned about security risks while working from home at all, evidence many aren’t understanding the gravity of our current situation.”

Old Rules Don’t Apply

Employees expect their organizations to handle the pivot to a remote workforce based a traditional office setting, Henderson said. But they don’t realize that the same rules don’t apply. And their companies aren’t giving them the tools or resources to securely make the jump to remote work.

More than half have not been provided with new guidelines for handling highly regulated personally identifiable information (PII) while working from home. This is despite more than 42% of people who manage PII now do so at home.

More than half of respondents don’t know of any new company policies for handling customer data, password management and more. And two in three (66%) don’t have new password management guidelines. That could be why 35% are still reusing passwords for business accounts.

“There is a tremendous opportunity here for security providers to recalibrate how they deliver services,” Henderson said. “For example, my team has adapted all our traditional practices to factor in work-from home-models for security testing. Areas like ensuring employees have the right guidelines and tools to properly secure activities like sensitive data handling, conducting video conferences, and device management have become a priority. Our clients are coming to the same conclusion. The same security assumptions they made in controlled office environments [won’t] cut it when it comes to a dispersed remote workforce.”

The pandemic is a “feeding ground” for cybercriminals, he said.

“They’re leveraging our current climate and weaknesses for their advantage,” Henderson said. “This was made apparent when IBM observed a more than 6,000% increase in COVID-19 related spam, and when things like video conferencing issues were making headlines. Cybercriminals are looking for security gaps now that our day to day has changed dramatically, and the rapid work-from-home shift is the perfect opportunity as companies are still working to navigate new surroundings and aren’t able to lean on their traditional security practices.”