New research has revealed that remote and hybrid workers are especially susceptible to scams.
A recent study by GetApp revealed that a shocking 85 per cent of remote and hybrid employees have been the victim of a phishing attack on at least one occasion. Another 67 per cent have been stung more than once.
Andrew Blair, content analyst at GetApp Australia, believes that a lack of security measures in remote-working environments is contributing to these statistics.
“Companies that have transitioned to fully remote or hybrid working models in previous years should reflect on what best supports their employees and technology’s role,” explained Mr Blair.
“In particular, technology aimed to boost productivity and security while simultaneously fulfilling the needs of location-specific remote and hybrid working employees.”
This has prompted the need for more security in remote and hybrid working situations. The most popular methods for these attacks, according to the respondents, were:
- Impersonating a company (48 per cent)
- An award prize (48 per cent)
- Impersonating a government agency (20 per cent)
- COVID-19 alerts (17 per cent)
There are a few ways that employees are responding to these attacks, with the most popular being:
- Setting up two-factor authentication (38 per cent)
- Installing antivirus software (34 per cent)
- Regularly changing Wi-Fi passwords (18 per cent)
- Choosing not to use desktop files (12 per cent)
Alarmingly, just 25 per cent of respondents said they regularly receive cyber security training. With three-quarters not, employers may be able to tackle these issues by keeping employees up to date with security awareness.
Remote and hybrid working can leave employers with a “set-and-forget” mindset to checking up on their workforce. This can allow problems to persist. With GetApp’s report finding that 82 per cent of people prefer remote working, it’s important to provide cyber security training for those working from home.
Simply changing passwords can make a difference. However, the study found that 26 per cent of remote or hybrid workers who have been targeted by phishing attacks keep their password the same afterwards. Similarly, only a quarter said they have installed email security software to protect their home working set-up.
There are a few ways that employers and individuals can help identify and prevent these issues. According to GetApp, if an incident occurs, the next steps should be:
- Identify the breach: Record when the breach was discovered, the type of personal information involved, and the cause and extent of the breach.
- Contain the breach: Assess the seriousness of the breach and act immediately. This can include contacting recipients to ask them to delete the email and change their passwords.
- Assess the risks of individuals associated with the breach: Collect information about the breach and assess if further action is required, such as advising your systems administrator.
- Consider a breach notification: Decide whether to escalate to a response team to conduct an initial investigation and notify the Australian Cyber Security Centre (ACSC), depending on the extent of the breach.
- Review the incident: Follow up with a full investigation to prevent future breaches.
RELATED TERMS
In a hybrid work environment, individuals are allowed to work from a different location occasionally but are still required to come into the office at least once a week. With the phrase "hybrid workplace," which denotes an office that may accommodate interactions between in-person and remote workers, "hybrid work" can also refer to a physical location.
Professionals can use remote work as a working method to do business away from a regular office setting. It is predicated on the idea that work need not be carried out in a certain location to be successful.
Jack Campbell
Jack is the editor at HR Leader.