New research has revealed that nearly a quarter of IT security professionals share their work devices with members of their household.
Researchers questioned more than 400 IT security practitioners across North America and Europe about their security practices and policies during remote working conditions over the past 12 months.
Sixty percent of respondents agreed that COVID-induced remote work conditions had created data security issues within their organizations, with 38% noting that data control during the pandemic has been very hard to manage.
The majority of respondents (75%) said that they had put COVID-centric cybersecurity policies in place, such as two-factor authentication (48%) and encryption of sensitive data (41%). However, nearly 20% admitted that their work devices had been used by other members of their household.
Nearly half (45%) of respondents had allowed the use of personal USB devices without corporate oversight, letting the employee decide which device to use, when to use it, and for what data.
Almost 70% said that they want an encrypted USB policy within their organization, but 40% did not have plans to roll out a corporate USB program.
More than a quarter (27%) of respondents expressed that they were not concerned about losing data through third-party vendors and have increased the number of vendors with whom they work.
“The third-party vendor findings were a surprise given the large number of high-profile third-party breaches in recent years,” said Kurt Markley, US managing director, Apricorn.
“Misplaced trust is risky. Businesses must strengthen their security posture, consider security policies and processes related to how they handle data, and make policy adjustments inside organizations and within agreements with partners.”
Nearly half of respondents (49%) had observed that individual employees in their organization did not consider themselves as targets that attackers could exploit to access company data.
Markley said: “In many cases, successful attacks target employees, so if they are unprepared or untrained, they are a risk.”
He added: “The importance of creating a culture of security, educating users and vendors about security practices, and implementing policies such as end-to-end encryption cannot be overstated for helping organizations remain secure as their operating environments continue to shift.”