Employees working during holiday pose a security risk – research

Before the Internet, a holiday meant time completely free of office work – lounging on the beach, spending quality time with family or travelling. It”s no longer the case today, and hasn”t been for years.

Research has shown that remote working requires additional steps to secure company data. Some organizations do it better than others but, considering the benefits for new parents and freelancers, it”s something companies big and small live with.

However, according to new research by T-Systems, Deutsche Telekom”s cyber-security division, letting employees work on holiday is an altogether different matter – one that poses major security risks.

Interviewing 2,050 full-time UK workers, the company found:

• 31% use free Wi-Fi hotspots, and 24% use them for work-related emails and documents, opening the door to hackers who might want that data
• 28% of employees send work documents to and from their personal email
• 10% plug their work device into USB charging points at airports and stations that a hacker can use to deploy malware onto the machine
• 18% connect their digital camera to their work computer to download photos
• 15% connect USB sticks and memory cards that they share with family members who themselves connect them to home computers that can be infected with malware
• 28% of employees have never had any cyber security training

The last data point is probably the most important. T-Systems” UK head Scott Cairns had this to say about it:

“Where it is unavoidable, businesses should ensure there is training, and clear guidelines to be followed. This training is particularly important, as our research shows many employees are not knowledgeable on the multitude of ways their devices can be infected with viruses and malware… and those who thought they were “very knowledgeable” frequently gave the wrong answer when questioned.”

Data from Thycotic”s 2017 State of Cybersecurity Metrics Annual Report backs these findings. In a Security Measurement Index benchmark survey of 400+ business and security executives, the company found that 58% of organizations worldwide fail to effectively measure their cybersecurity investments and performance.

Globally, upwards of $100 billion is spent every year on cybersecurity defenses, yet an alarming 32 percent of companies purchase cybersecurity blindly, the firm said. In fact, Thycotic found that one in three companies had no way to measure the value or effectiveness of their cybersecurity technologies. And of those that do train employees in security, four out of five never measure the success of such initiatives.

As 60% percent of small companies go out of business within months of a breach, it”s clear why companies need to pay close attention to staff awareness of security threats posed by taking work on holiday with them.