Eighty-one percent of surveyed information technology (IT) leaders reported that remote working is now a standard practice within their organization, with half of all respondents revisiting and updating data security policies and processes that they put in place two years ago when remote work programs were hastily deployed.

The Apricorn 2022 Global IT Security Survey revealed that organizations have adapted security policies to accommodate hybrid work, but they are still at risk due to employee compliance and lack of security awareness — particularly when data is on the move between work locations.

Remote work cybersecurity risks

In the survey, 397 IT security practitioners across North America and Europe responded to questions about security practices and policies during remote/hybrid working conditions.

The risk of moving of data between work locations was highlighted by the fact that the majority of respondents (82%) said that encryption should be required to secure USB storage devices, but only 34% say encryption is mandated within their organizations to protect data on the move.

When it comes to security compliance, one-quarter of respondents admit that employees are aware of IT security policies for remote work but are not adhering to them. When remote policies are not followed, it is usually due to employees not prioritizing security practices despite being informed about them (52%) or because they are using personal devices (40%).

Additionally, employees may not be fully aware of the risks their activities pose to the company. Twenty-seven percent of respondents say that employees believe they are at risk of being exploited by attackers to access company data, and 72% believe that either they are adequately protected by existing protocols or they are too small to be a target.

Improving remote work security

Opportunities to improve security culture within organizations are apparent. Eighty percent of organizations have changed their priorities in terms of compliance and security due to the pandemic. IT security professionals have expressed a desire for stronger security policies, but those expectations aren't always being met.

Almost 40% say their IT department does not have the tools to monitor and enforce policies. However, they are making progress where they can, with 56% of organizations reinvesting in employee education, while 83% have continually reinforced policies with employees.

For more information, click here.