According to a recent report from Malwarebytes, one in five companies said they experienced a data breach as a result of employees working from home during COVID-19.
Many of the report’s other numbers are equally concerning. Nearly the same percentage (18%) of those polled admitted that cybersecurity wasn’t a priority at their organization.
Companies that don’t invest in cybersecurity often end up paying the price at a later date, and the cost of a data breach often reaches millions of dollars, so there are major implications to the data.
Malwarebytes surveyed around 200 managers, directors, and executives at several companies across the US, from companies ranging in size from one- or two-hundred employees, to more than five thousand. Though the sample size wasn’t enormous, the percentages from Malwarebytes match up with what people have been saying about work-from-home cybersecurity and privacy over the last several months.
For businesses that have shifted to majority work from home, there’s still time to change policy and tech best practices to create a more secure workplace. And it’s important that they do so, because it’s likely that a large percentage of people continue to work remotely into next year and beyond, regardless of COVID-19.
Data Breaches Have Already Taken a Toll
24% of the polled businesses said they have paid unexpected expenses to address a malware attack or cybersecurity breach since the beginning of shelter-in-place orders this year.
This comes at a time when many businesses’ finances are already stretched thin, with many organizations experiencing hiring freezes and layoffs. Data breaches are an expense many companies can’t afford.
Companies Weren’t Prepared for Work From Home
Obviously, COVID-19 caught everyone by surprise. There’s no way to anticipate a global pandemic.
At the same time, it highlighted the fact that many companies didn’t have the ability to safely adapt to work from home.
Increased remote work was already inevitable. COVID-19 merely sped it up. And while many companies were equipped to deal with the security ramifications of such a change, most weren’t. The Malwarebytes poll found that only 47% of employees felt they’d been trained in WFH best practices.
Cybercrime is Changing Too
Cybercriminals are adapting to remote work. They understand that many companies are now more vulnerable, and have ramped up their attacks as a result, targeting people who are working from home and have access to corporate VPNs and business emails.
They’re also using confusion around COVID-19 to phish for data or spread malware by posing as organizations involved in pandemic recovery, like the US Small Business Administration and UNICEF.
There are Several Facets to Work-from-Home Security
Phishing attacks and malware are serious threats, but there are other, seemingly more benign security concerns.
45% of those polled were concerned that “devices may be more exposed at home, where employees feel safe, but others may have access to their devices and may inadvertently compromise them.” That’s a valid concern. You can remind your employees not to allow their devices to be used by others at home.
36% felt that their cloud collaboration tools weren’t secure. Zoom-bombing was a particular concern. It’s true that Zoom isn’t the most secure option. There are several video conferencing tools, like Signal and WhatsApp, that offer end-to-end encryption that might be more appropriate for your business.
Other tips you can give your employees:
- Be on the lookout for phishing emails
- Enable multi-factor identification
- Use a privacy browser or VPN
- Make sure your anti-malware and antivirus software are up to date
- Don’t use an unsecure wi-fi network
Whatever your specific data breach or privacy concerns, it’s a great time to review your company’s work from home practices, and see what you can do to prevent a breach.