Remote employees pose a security risk, says IBM Security

X-Force Red is helping companies improve work-from-home security

IBM building made from brick

Over 80% of workers forced to work from home due to the coronavirus outbreak either never or rarely worked from home before, according to an IBM Security study.

More than half of survey participants have no new security policies for working from home, which has exposed them to security risks and left them worried about potential cyberthreats in their home office.

More than 50% of US employees are working from home, and many will continue to do so through 2020 and into the foreseeable future. As a result, many companies are trying to deal with the security risks involved with remote work. 

Many business activities that occurred with protected and monitored office environments have transitioned to less secure home environments. For example, some customer service agents are working with sensitive customer data from insecure home offices.

IBM X-Force Red is expanding its security testing efforts to help organizations design secure frameworks that address security issues with employees working remotely. The practice will examine systems that expose intellectual property, and client and employee data to security risks, including video conferencing, file sharing and other collaborative platforms.

The practice will include conducting remote work adversary simulations, work-from-home application penetration testing and phishing exercises.

"Organizations need to use a risk-based approach with work-from-home models, then reassess and build from the ground up," said Charles Henderson, global partner and head of IBM X-Force Red. "Working from home is going to be a long-lasting reality within many organizations, and the security assumptions we once relied on in our traditional offices may not be enough as our workforce transitions to new, less controlled surroundings." 

The IBM Security Work from Home Survey, which was conducted by Morning Consult, collected responses from over 2,000 US employees who were new to working from home. The survey found the following:

  • Of employees new to working from home, 93% are confident their companies will keep personally identifiable information (PII) secure. However, 52% are working from personal laptops without new security tools, and 43% haven’t been trained with new security guidelines.
  • More than half of those employees haven’t received guidelines on handling highly regulated PII, despite over 42% of them working with PII as part of their duties.
  • Over half are not aware of new company policies on handling customer data, managing passwords or other security issues.
  • Over 50% of respondents are using their own computers to do business work, while 61% have not received security tools to protect their devices.
  • Two-thirds of employees don’t have new password-management guidelines, while 35% are reusing personal passwords for business accounts.
Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

IBM, Red Hat and Cobuilder reconnect fragmented supply chains
supply chain management (SCM)

IBM, Red Hat and Cobuilder reconnect fragmented supply chains

14 Apr 2021
IBM's infrastructure services spin-off to be named Kyndryl
Business operations

IBM's infrastructure services spin-off to be named Kyndryl

13 Apr 2021
IBM’s public cloud for banking is now generally available
public cloud

IBM’s public cloud for banking is now generally available

7 Apr 2021
The IT Pro Podcast: Hail to the IBM
Business strategy

The IT Pro Podcast: Hail to the IBM

2 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021