Report: The Risks Of Poor Cybersecurity Knowledge And Remote Working

Published on 09/03/2020 by Anna Hammond

Remote working is increasingly shifting into the norm for Australian small and medium-sized businesses (SMEs). According to our most recent survey, 60% of Australian staff working in SMEs are allowed to work outside of the office. 

Cybersecurity Australian SMEs

It’s hard not to appreciate the proven benefits of remote working. A report by Indeed highlighted its positive impacts, including: 

  • ‘More productive employees (67%)
  • Improved morale (64%)
  • Reduced absenteeism and employee turnover (57%) 
  • Operational cost savings (51%).’ 

Yet, as remote working opportunities increase, so do the opportunities for hackers. 

The results of our survey revealed a worrying knowledge gap when it comes to cybersecurity awareness within small and medium-sized businesses. 

These companies are at risk of cyberattacks because they don’t provide efficient training with staff on how to work securely offsite

Highlights of the survey: SMEs aren’t prepared for cyberattacks 

We surveyed 300 Australian SME workers to discover their level of cybersecurity knowledge. Key findings include:

  • 37 percent of employees said they’ve had no training on how to keep company data secure.
  • 62 percent of staff said they don’t know of (or have) a dedicated person to deal with data security, privacy, or compliance issues.
  • Junior staff (interns, graduates and entry-level staff) were least knowledgeable.
  • 28 percent of managers were also unsure about how to report a data security breach within their business.

The wall between personal and professional lives is crumbling

The line between the office environment and out-of-office setting is increasingly blurring. More than two-thirds (67%) of respondents use their personal device to work on occasion, and 60 percent of respondents say they’re allowed to work remotely. 

The most common destinations for remote working suggests employees crave more comfortable setups—the most popular destination to work remotely is the comfort of their own home (54%), followed by local coffee shops or cafes (17%). 

Employees are also working remotely for business travel reasons, with 9 percent of respondents saying they work in coworking spaces and 7 percent from hotels.

 

Most popular remote working destinations in Australia

 

Remote working increases cyber risks

While remote working becomes common practice, it also poses new threats to data security. More than two-thirds (67%) of respondents said they make use of public Wi-Fi when working offsite—which is often found in coffee shops, hotels, restaurants or publicly available hotspots (such as a beach or transportation hub).

Cybersecurity expert, Anas Baig, writes about the dangers of working using public Wi-Fi without adequate protection. He says:

‘What most people don’t realise is that free public Wi-Fi isn’t secure. Even if it requires a password to log in, that doesn’t necessarily mean your online activities are safe. You might love public Wi-Fi, but so do hackers!’

One common technique a hacker uses to steal data is called a man in the middle (MITM) attack. The hacker connects to a network with other people connected to it, such as a public Wi-FI, and intercept communications between the Wi-Fi and its users. From this, they’re able to obtain and view all incoming and outcoming data from the user(s).

A lack of security awareness increases cybersecurity risks

Despite many respondents using personal devices to work remotely, only around half (56%) of them said they’ve installed ‘additional security to keep these systems safe.’ 

Most laptops don’t come with security software installed. This leaves them exposed to viruses, spyware, malware, and ransomware as soon as the user connects to the Internet. Those risks heighten when workers don’t manage their passwords securely. 

Hackers are becoming increasingly well resourced, and better skilled at scoping out individuals with no to little security defences. According to our research, nearly a quarter (24%) of respondents said they had been hacked on their personal device and 13 percent said there was a possibility they’d been hacked but weren’t aware of it.

 

Cybercrime awareness in Australia

 

Despite these attacks, 20 percent of the cybercrime victims said they didn’t change their password afterwards. With more than 40 percent of respondents claiming they share passwords between their personal and business accounts, this leaves sensitive company information vulnerable. 

To combat inefficient password management, businesses can deploy a password security policy and provide training on how to identify potential threats.

Junior staff are the least knowledgeable about data security

With the risks that SMEs face, it begs the question: Why are staff seemingly so careless with their laptop and password security?

 

Data security knowledge in Australia.

 

According to our research, it may not be their fault. Despite the majority of respondents saying they’d received training on how to keep company data secure, 37 percent of respondents said they haven’t. 

Even with the respondents who said they had received training, most employees weren’t aware of who to contact in an event of a data security issue. Around two-thirds (61%) said they didn’t know of an individual within their business that is responsible for data security, privacy or compliance. Of those respondents, 60 percent were junior staff members.

Yet, management-level staff aren’t necessarily more cybersecurity-savvy. 

 

Poor data knowledge in Australia by demographic

 

Without their knowledge, it’s difficult to expect lower-end staff to have a thorough understanding of the steps they can take to work securely. 

The results indicated that senior SME leaders are equipping themselves with key cybersecurity information. However, the staff’s lack of knowledge could be their businesses biggest threat. 

SMEs are the biggest target of cybercriminals

Often, it’s the globally known enterprises that the media reports on in the case of a cyberattack. Consequently, smaller businesses may feel they can get away with lax cybersecurity policies. 

The sobering truth is those small businesses tend to have fewer security resources available than enterprises, and their defences aren’t as strong. This makes them an ideal target for hackers. 

In a recent survey by SmartCompany of 1,000 SMEs in Australia, 78% of respondents said they’d been the target of cyberattacks. The consequences of recovering against a cyberattack can be the sole reason SMEs fail. With that in mind, businesses must educate themselves and stay protected.

How can businesses implement a secure remote work policy?

SMEs must instil cybersecurity policies in their remote work clause. Besides preventing staff from carrying out work on personal devices, the policies should provide guidance on:

  • How to report the first signs of data compromises
  • Approved company tools and platforms
  • Use of public WiFi.

Companies should also equip themselves with adequate security tools. We’ve included three technologies to help businesses set up strong defence systems:

1. Password management software 

Password management software provides businesses with a safe vault to store multiple passwords. They also tend to operate a multi-factor authentication system.

Before a user can login to one of their business accounts, they’ll need to authenticate the activity on another device. Usually, this will be in the form of a push notification or a code. This adds an extra layer of security to your systems while staff work remotely.

2. VPN software

VPN (Virtual Private Network) software is crucial when connecting to unsecured networks, such as public Wi-Fi. It is a private network that uses a common public network, such as the Internet, to connect users or remote sites together. How Stuff Works explains further: 

‘The VPN uses “virtual” connections routed through the internet from the business’s private network or a third-party VPN service to the remote site or person. VPNs help ensure security — anyone intercepting the encrypted data can’t read it.’

3. Firewalls (commonly included with network security software solutions

Firewalls also help to prevent unauthorised access to and from your networks. It acts as a network security device and works by monitoring incoming and outgoing network traffic. By installing them on staff laptops, your network security strengthens because it blocks specific traffic based on a defined set of security rules.

Remote working has many benefits that businesses should take advantage of. However, before extending these policies, consider cybersecurity first and take the necessary steps to ensure company data remains secure.

Are you ready to amplify your defence system? Check out Capterra’s directory of cybersecurity software today. 

Methodology

To collect the data for this article, we conducted an online survey through QuestionPro. The answers come from a sample of 300 full-time or part-time employees working for a small or medium-sized business in Australia. 

This article may refer to products, programs or services that are not available in your country, or that may be restricted under the laws or regulations of your country. We suggest that you consult the software provider directly for information regarding product availability and compliance with local laws.