Employees feel ‘new normal’ has left them more vulnerable to cyberthreats

A fifth of employees believe their organisation has held back from modernising its processes with new technologies during the pandemic.

  • Thursday, 17th February 2022 Posted 2 years ago in by Phil Alsop

According to new research published by Advanced, one of the UK’s largest software and services providers, nearly two-thirds (57%) of employees believe that the switch to hybrid working has made them more vulnerable to cyberattacks.

 

Fear of change holding security back

As detailed in the report, 20% of employees feel that their employer is deliberately holding back when it comes to implementing new technologies that might make them feel more secure. Yet, despite this, more than a third (34%) of employees claimed that they would be “concerned” about any changes taking place that might threaten their current working processes.

 

According to the report, it is this fear of adapting to new technologies and processes, among businesses and some of their staff, that has resulted in 62% of employees seeing their current technology limited when it comes to supporting remote or hybrid working.

 

The Advanced 2021/22 Trends Report, which surveyed more than 1,000 employees about their experiences working in a post-pandemic environment, comes amid growing concern over how businesses are adapting security policies and technologies to suit the cultural and practical changes many have undergone to maintain productivity levels during the crisis. Cloud adoption has skyrocketed to cater for a new era of hybrid and remote working, in a change that some analysts believe might now be permanent. While businesses are arguably more agile than they have ever been, they are also more vulnerable, with an increasing number of remote endpoints contributing to a rapidly expanding attack surface area.

 

Embedded security essential for ‘new normal’ productivity

When asked about security, 42% of respondents said that embedded security was the most important form of security when adopting new technologies such as those used in remote working.

 

Justin Young, Director of Security and Compliance at Advanced, said “Cloud-based technology can provide much higher levels of security than on-site, legacy systems, but only when deployed correctly and implemented alongside adequate staff training and knowledge sharing. These findings show that, as well as deploying effective technology solutions, there is more that businesses can and should be doing to prepare, educate and reassure their teams for the ‘new normal’. ”

 

Security as part of a workplace culture

Global consultancy firm, Gartner, published figures at the very beginning of the pandemic that suggested 95% of security failures during 2020 would be down to human error, such as lack of understanding or awareness of security best practices. Advanced’s report suggests that, with hybrid working now a permanent feature of the working landscape rather than a temporary fix to deal with the pandemic, staff education and training is something businesses must tackle head-on.

 

Justin Young, goes on to say “Insider threats – whether negligent, accidental or deliberate – are a huge problem. To manage this business challenge, focusing on one of the most basic aspects of prevention is vital. Employee awareness is the bedrock of any security program and will be the difference between clicking a link and having a breach or, identifying it as suspect, flagging it to your IT provider and sending it to the recycle bin. We can also help our fellow employees more by providing multifactor authentication and reduce the opportunities for little mistakes to become big problems.”

 

The report concludes that effectively implementing cloud-based security is really only half the battle when it comes to increasing a company’s risk posture. Employees need to be educated and prompted when it comes to best practice security hygiene such as changing passwords, securely storing files, enabling automatic security updates and using multi-factor authentication.