“The State of Remote Work” report shows that 32% of remote workers use apps or software for work that are not approved by IT; organizations are more vulnerable as the attack surface has left the building
Lookout, Inc., released its new report, “The State of Remote Work Security,” to help raise awareness amongst IT and security leaders about the growing threats associated with remote work and bring your own device (BYOD) policies. Survey results show that with remote and hybrid working, personal and work tasks blur together and the boundaries between the two have become more porous. Lookout data shows that 32% of remote and hybrid workers use apps or software not approved by IT and 92% of remote employees perform work tasks on their personal tablet or smartphone devices. These devices, apps and software, along with the corporate data being accessed, are not visible to IT, thereby dramatically increasing an organization’s risk posture. The report was released today on the first-ever Lookout World Cloud Security Day.
The modern office no longer exists within the traditional security perimeter
The cloud has become a crucial backbone for most organizations. In 2020, 61% of businesses in the U.S. migrated their workloads to the cloud – triggered by the global pandemic and the need to quickly support remote work – and as of 2022, 60% of all corporate data was stored in the cloud. While providing employees with remote access to corporate data in the cloud provides flexibility and potential boosts to productivity, this coupled with BYOD can also increase an organization’s exposure to risk. Because these devices are most likely not managed by IT, organizations have little visibility or control over potential threats such as operating system and app vulnerabilities, the types of apps that have access to corporate data, as well as phishing attempts. As organizations continue to move their apps to the cloud, IT needs to move beyond providing access to users based on device posture and instead address how they can extend access control policies to ensure secure usage of corporate data stored in these apps.
Remote employees less likely to follow data security best practices
Additional report findings include the following remote worker behaviors that create increased data security risks to organizations:
- 90% access corporate networks from areas other than their home, with an average of five different locations – this introduces security risks as company data could be exposed across multiple networks not monitored by IT.
- 46% have saved a work file onto their personal device instead of their employer’s network drive – personal device OSs are far more likely to be out of date which means they are not protected against the latest vulnerability exploits and malware.
- Nearly one in three remote employees work more than 20 hours per week on their personal tablet or smartphone device – personal devices often have dozens of unsanctioned apps that threat actors use as avenues for their phishing attacks.
- 45% use the same password for work and personal accounts – reusing passwords exposes a user’s accounts to cybercriminals, which increases the risk of identity theft as well as sensitive data theft from their organization.
All of these behaviors point to the need for organizations to have a completely new approach to security so that it keeps pace with the way remote users access data and collaborate with each other.
“The rise of remote work has led to more opportunities and flexibility for a great deal of people, but unfortunately it has also resulted in a massive expansion of the corporate attack surface,” said Sundaram Lakshmanan, chief technology officer, Lookout. “IT teams don’t have control over the networks from which their employees connect most of the time, which exposes both the users and corporate data to both internal and external threats exponentially. Lookout provides tools that enable organizations to protect their users and devices, along with enforcing adaptive security policies to protect access to data stored in these corporate apps, from both internal and external threats. This is the motivation behind the Lookout World Cloud Security Day – addressing this change is essential for any organization that has a fully remote or hybrid work environment.”
The State of Remote Work Security report from Lookout is based on a survey of 3,000 remote and hybrid workers from enterprise companies in the United States, United Kingdom, France and Germany.