HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Survey Explores Cybersecurity Impact of COVID-19 Enforced Switch to a Remote Working Environment

Prior to the 2019 Novel Coronavirus pandemic, many companies allowed some of their employees to spend some of the week working from home; however, COVID-19 dramatically changed the way people work, with national lockdowns forcing employers to rapidly change working practices and allow virtually all of their employees to work remotely.

When lockdowns were lifted, many employees continued to work from home. The new remote working environment is considered by many to be now be the new normal. Remote working has created many challenges, especially for cybersecurity as it is harder for organizations to prevent, detect, and contain cyberattacks when much of the workforce is working remotely.

A recent survey conducted on 2,215 IT and IT security professionals by the Ponemon Institute on behalf of Keeper Security explores the cybersecurity challenges of teleworking and assesses how companies have adapted cybersecurity practices to address the risks of teleworking.

One of the key findings from the survey is remote working has significantly reduced the effectiveness of organizations’ security posture.  When respondents were asked about the effectiveness of their security defenses before and during the pandemic, 71% rated their security defenses as either very or highly effective before the pandemic, with only 44% rating their defenses so highly during the pandemic.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The survey uncovered several reasons for the perceived decline in the effectiveness of those defenses.  When employees work on-site, physical security measures are in place to prevent the theft of equipment and data. 47% of respondents said the lack of physical security at employees’ homes was a significant concern.

71% of IT professionals felt that remote workers were putting their organization at risk of a data breach, while 57% said remote workers are a prime target for cybercriminals looking to exploit vulnerabilities.

Remote workers need to access business-critical applications, with 59% of respondents reporting that remote access to those applications increased during the pandemic. On average, organizations have 51 business-critical applications and 56% of those applications are being accessed remotely.

56% of respondents said the time to respond to a cyberattack has increased during the pandemic and 42% of respondents said they have no understanding about how to protect against cyberattacks with so many remote workers.

There has been a major increase in the use of personal devices due to the pandemic, and BYOD schemes have reduced organizations’ security posture. 67% of respondents said remote workers were using personal devices for work purposes during the pandemic, including mobile phones, which are the most vulnerable devices.

Intrusion detection systems that were effective with office-based working are far less effective with teleworking. 51% of respondents reported an exploit or malware infection that evaded their intrusion detection systems during the pandemic and 61% said they had experienced a cyberattack during the pandemic, with phishing and social engineering attacks the most common attack method.

Despite the risk of cyberattacks, 31% of organizations said they have not implemented multi-factor authentication for remote workers, only 43% provide security awareness training covering the risks of remote working, and only 47% are monitoring their networks 24/7. Less than half of respondents protect company-owned devices with up-to-date anti-virus, device encryption and firewalls. If these security issues are not addressed, organizations will face a far higher risk of experiencing a cyberattack and costly data breach. You can view the full findings of the survey and recommendations on this link.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.