Study lifts lid on hybrid IT security practice and policy

A large number of organisations have increased cyber security and data protocols over the past two years but still struggle with employee compliance. Whilst organisations have adapted security policies to accommodate hybrid work, they are still at risk due to lack of security awareness – particularly when data is on the move between work locations.

This is among the findings of a study of nearly 400 IT security practitioners across North America and Europe, conducted by USB manufacturer Apricorn.

For 81% of respondents, remote working is now a standard practice within their organisation, with half of all respondents revisiting and updating data security policies and processes that they put in place two years ago when remote work programmes were hastily deployed.

The risk of moving of data between work locations was highlighted by the fact that the majority of respondents (82%) said that encryption should be required to secure USB storage devices, but only 34% say encryption is mandated within their organisations to protect data on the move.

Employee compliance is a concern survey respondents need to address. One-quarter admit that employees are aware of IT security policies for remote work but are not adhering to them. When remote policies are not followed, it is usually due to employees not prioritising security practices despite being informed about them (51.8%) or because they are using personal devices (40.16%).

“Now that organisations have settled in and have adapted to hybrid work environments, IT security depends on the culture of the company and employee compliance now more than ever,” said Kurt Markley, US managing director, Apricorn. “IT security professionals shared that nearly three-fourths of remote employees don’t feel they are at risk of being targeted or successfully attacked. This demonstrates that there is a need for a stronger security culture among employees working outside of the corporate firewall. Protecting against cyber threats is not just an IT or security team issue – it’s a company issue.

“As organisations experience gaps in employee compliance, many are stepping up in terms of education which is key to elevating the culture of security in hybrid workplaces. The trust employees have in their organisations’ security protocols is encouraging, but it’s important they do not get complacent. Hybrid work may be normalised, but cyber security threats are always evolving. Continued policy updates and employee education and buy-in will remain of critical importance to hybrid workforce data security.”

    Share Story:

YOU MIGHT ALSO LIKE


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.