A third of cyber attacks exploit unsecure remote working

Man works remotely on a laptop
(Image credit: Shutterstock)

A third of all UK businesses have suffered cyber attacks as a direct result of its employees working remotely, according to new research from CybSafe.

The research from the cyber security and data analytics firm suggests that, despite a rise in the number of people working remotely, businesses aren't adapting their security practices or policies to account for it. A quarter of survey respondents have not implemented basic security precautions, such as installing antivirus software, and 30% don't have any measures in place to restrict files access.

In a survey commissioned by CybSafe, 80% of all UK businesses have seen a rise in remote working over the past 2 years, which echoes a 2016 report by the Trades Union Congress (TUC) which found a 19% rise in nationwide remote working in the past decade.

Of those businesses surveyed, 32% said they had suffered a cyber attack in the past 12 months as a direct result of an employee working remotely and outside of the organisation's security perimeter.

"While remote working has the potential to be hugely beneficial to businesses, the threat of related data breaches is being seriously underestimated," said Oz Alashe, CEO and founder of CybSafe. "Most business leaders assume that their people know how to work safely when working remotely but the number of data breaches caused by staff working remotely and the lack of training indicates that this isn't the case."

The research suggests that the key decision makers in businesses are overconfident when it comes to remote working, with three-quarters of survey respondents believing their employees had enough knowledge of the risks of telecommuting. It was also found that only half of those surveyed had offered any kind of formal security training to employees.

Alashe argues that firms "need to properly recognise the security challenges of the mobile professional and take a proactive approach.

"Training staff so they recognise and deal with threats at work, on the go, and at home [is] important."

Part of the problem is that many people work remotely even when they spend most of the time in the office, even if they don't realise it.

"We work on the train, in coffee shops, and even walking down the street. The way we work as a nation has changed dramatically over the course of just a decade," said Alashe. "How businesses manage cyber security and training must reflect our lifestyles, and help us develop good habits so we can avoid becoming victims."

This shouldn't come as news to business leaders anyway, back in 2008 we reported on similar research which showed that 92% of surveyed employees were accessing business-sensitive information remotely at least once in a six-month period. It was claimed that this has led remote working to be the most vulnerable part of network security.

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.