Firms failing to train staff on remote working cyber security
Jenny Roper, January 02, 2019
January 02, 2019 11:50
A third (32%) of UK businesses have suffered a data breach due to remote working in the past 12 months, according to research from CybSafe.
CybSafe’s research suggested that while remote working has become more common, businesses aren’t doing enough to adapt and improve their security practices and policies.
Though 80% of UK businesses have seen a rise in remote working over the past two years, 24% have not implemented basic security precautions such as installing antivirus software, and 30% don’t have any measures in place to restrict file access, the survey found.
Additionally, only 50% have provided any training on cyber security in the past 12 months.
“Businesses need to properly recognise the security challenges of the mobile professional and take a proactive approach – training staff so they recognise and deal with threats at work, on the go, and at home is important,” said Oz Alashe, CEO and founder of CybSafe.
He added that it is even more important to create the right cultural expectations, which is where HR comes in. "A business can spend time training its staff to not go onto public Wi-Fi while accessing sensitive company information, but if people believe that this is pointless, and moreover that doing so requires too much effort, they’ll simply ignore the order," he told HR magazine.
"If people feel too constrained by security they’ll often look for easy ‘backdoors’: writing down passwords, sharing sensitive business information through private emails, and so on. Ideally change the perception and behaviour of staff through positive training rather than implementing restrictive technologies."
Alashe also advised businesses to "encourage your people to view security not as something restrictive, but as something that enables the company to perform at its best".
Randall Peterson, professor of organisational behaviour at London Business School and academic director of its Leadership Institute, recommended HR approach training and awareness-raising from a position of trust. "This should be done in the spirit of 'we assume you want to do the right thing but may not know what the right thing is'," he said. "If it's a top-down 'you must' session people don't want to do it."
Peterson added that HR must be careful to get such an approach right so employees don't assume they're trying to find excuses for why staff shouldn't work remotely.
The CybSafe research also found that most decision-makers are generally overconfident when it comes to cyber security. Three-quarters (76%) of those surveyed believed that every employee understands how to safely work remotely.
Alashe said: “Most business leaders assume that their people know how to work safely when working remotely – but the number of data breaches caused by staff working remotely and the lack of training indicates that this isn’t the case. Given that remote working is likely to increase in popularity year on year this is a problem that’s only going to get worse if businesses refuse to take action.”
Remote working covers a much wider range of circumstances than many are aware of, added Alashe.
“Most of us work remotely even if we don’t realise it: we work on the train, in coffee shops, and even walking down the street. People respond to emails and click on links on their phones; often outside traditional working hours," he told HR magazine.
"Above all we need to change people's perceptions about remote working security. This is where HR professionals can play a key part. Staff need to understand that homes are just as vulnerable as office blocks."
Peterson added that the average person's cyber security literacy is not high, which is why HR is needed as a bridge between employees and IT. "It's things like using email, which most people think of as secure, when it's actually one of the least secure means of transferring data," he said.
He added: "For god's sake don't leave this to IT, because they don't understand where the average employee is in terms of IT literacy and that it's more about the culture you create."
These concerns come as separate data from the TUC shows that nearly a quarter of a million (241,000) more people work from home than 10 years ago. The latest data from the Office for National Statistics also shows that almost two million UK employees work mostly from home – 7.1% of the overall workforce.
Research by the London Business School’s Leadership Institute and Harvey Nash at the end of last year found that cyber security is now the top concern for 72% of board members, compared to three years ago when it came fifth in the same survey.