The COVID-19 outbreak has forced many Aussie SMEs into changing their company policies and allowing their staff to work from home. An unwelcome consequence has been an increase in risky behaviour by those remote workers using company-issued devices for personal business.
In a Mimecast survey of over 1000 remote workers across the globe, which included small businesses, 78 per cent of Australian remote workers admitted to using their work tools for personal matters – higher than the global average. Over half of those respondents (53 per cent) confirmed that their personal use of work tools had increased since COVID hit.
Emails a weak spot
Activities ranged from using personal email (53 per cent), to social media (40 per cent), financial transactions (51 per cent), and online shopping (38 per cent).
Personal email and shopping are particular areas of concern for IT support staff. As online shopping ramps up, malicious actors will have abundant opportunities to infiltrate corporate networks through malicious online retail sites, bogus ads and scam emails.
Awareness is high, but it’s not fully translating into practice
Encouragingly, 97 per cent of Aussie respondents said they were aware that links in emails, social media, and fake retail websites could potentially infect their devices and the company network.
The proportion of employees who have received dedicated cybersecurity awareness training relating to working from home during the pandemic is also high (71 per cent), but there is a disconnect between acquiring this knowledge and actually putting it into practice.
Training is key
The primary reason for this is that most training fails to engage staff to the extent that the knowledge is fully retained and future practices are influenced to any great degree.
In short, much of the training is boring.
When training is delivered as short, snappy, visually engaging and entertaining learning modules, the message resonates. People are far more likely to remember and share training content that is fun and, more importantly, to use it to change their online habits for the better.
Additional measures
Engaging and amusing training is one important factor in reducing the risk posed by malicious actors, but it is by no means the only option open to IT teams.
SMEs can take other actions to maintain network security in the new hybrid office/home work environment:
- Have clear policies around the personal use of work devices, with regular reminders sent to staff about these policies.
- Limit what software and websites can be accessed through the business network when working remotely.
- Consider whether it is worth the inherent risk of providing employees with the option to access the corporate network through their non-work devices. This can be complex when using contractors, but it does need some risk vs. benefit analysis.
With so many of us now using our homes as offices, and with the holiday retail period already in full swing, SMEs must address any weak spots in their network security, to ensure that 2021 really is a Happy New Year for their business.
Garrett O’Hara, Principal Technical Consultant, Mimecast Australia