More than one-third of UK employees are less sure of security measures when working from home, while a similar percentage feel that following their employer’s security protocols is less important when working remotely. One in ten either don’t know if their devices are connected securely at home, or admit that they aren’t. That is according to research by cyber firm Kaspersky, which comprised a survey of more than 240 CISOs – or those in similar executive positions – at companies employing more than 250 people, and an omnibus survey of 2,000 UK adults working full or part time.

Almost six in ten of those in security claim they find it difficult to action the guidance provided by security vendors in relation to their business. A similar percentage agree that, as a result of the communications gap, the information they receive from cybersecurity vendors isn’t even relevant to their organisation in the first place.

A disconnect between vendor provision and enterprise action is resulting in an under-prepared or under-informed workforce, at an increasingly critical time, the cyber firm says. As many as 63pc of security people surveyed go on to say that the information being provided by vendors is too complicated to even try to share with their staff. Almost as many state that this complexity is compounded by a lack of time or resource to understand it and then communicate it to colleagues.

A majority, 58pc, of CISOs believe that vendors don’t understand the threats they actually face. The resultant mixture of mistrust at a transaction level and miscommunication on an internal level has severe consequences among the consumer contingent now being left – quite literally – to their own devices. Without adequate training and guidance throughout the chain, more than a quarter of UK employees admit they have bypassed their employer’s security measures to download unauthorised software, while 30pc confirmed they have connected to a mobile hotspot while working from home in order to get around their employer’s security measures.

Comment

David Emm, Principal Security Researcher at Kaspersky, said: “The fact that so many employees feel confident and safe enough to bypass the messages they’re being given by their employers is concerning. It would be easy to attribute the problem to this communication within enterprises, but we shouldn’t overlook the statistics relating to vendor understanding and messaging. If businesses and CISOs don’t feel they are receiving guidance and information that is tailored to their needs and resources, they’re less likely to translate the actual significance of cybersecurity to their colleagues. Given the ongoing reliance on remote working that we’re expecting in 2021, it’s vital that this relationship improves quickly.”

