Before the COVID-19 pandemic, more than 80% of Americans had worked from home either rarely or not at all. Now, more than half are doing so, with no new security policies to help guide them, according to an IBM survey conducted by Morning Consult.
Many Americans are expected to continue to work from home through the rest of 2020 and beyond. Yet companies seem to be playing catch-up as they attempt to manage the security risks of rushed remote-work models.
They researchers found that business activities once monitored under specific policies and conducted in protected office environments have quickly transitioned to potentially less secure territory. Customer service agents, for example, previously worked in closely managed call centers. Now, they are managing sensitive customer data at home.
The shift to working from home has also moved face-to-face meetings to video conferencing calls and other new collaboration tools, yet many employees lack guidance, direction and policies to use these new tools and procedures securely.
While 93% of those newly working from home are confident in their company's ability to keep personally identifiable information (PII) secure during remote work, 52% remote workers are using personal laptops for work – often with no new tools to secure it. 45% haven't even received any new training, the survey showed.
There are no new guidelines on how to handle highly regulated PII while working from home, according to almost half of employees surveyed. The finding is even more worrying considering that managing PII is part of the job for 42% of employees.
More than 50% of respondents don't know of any new company policies related to customer data handling or password management. And 66% have not been provided with new password management guidelines, while 35% are still reusing passwords for business accounts.
"Organizations need to use a risk-based approach with work-from-home models, then reassess and build from the ground up," IBM’s Charles Hendersonsaid. "Working from home is going to be a long-lasting reality within many organizations, and the security assumptions we once relied on in our traditional offices may not be enough as our workforce transitions to new, less controlled surroundings."