With the COVID-19 pandemic and related lockdowns impacting public life, the number of remote workers has skyrocketed. In response to this, OneLogin, a cloud-based identity and access management firm, has created the 2020 COVID-19 OneLogin State of Remote Work Survey Report.
This survey’s methodology was fueled by responses from 5,000 global workers that were working remotely between the dates of April 23rd and May 4th, 2020. Their responses provide some much-needed illumination on many aspects of the state of remote worker security and this article will explore them all.
Rationale for this report
The reason for this report is the recent drastic increase in the number of workers working remotely. The numbers really tell the tale here — before COVID-19, only 3.6% of workers in the United States reported working remotely (part-time or full-time) and now under the pandemic 62% of workers are reporting working remotely. This translates into the security of remote workers moving to the forefront of information security concerns.
Wi-Fi password practices
Having good Wi-Fi password practices is critical for remote workers as they are accessing organization applications and networks from their Wi-Fi network. However, as the survey noted, many remote workers have poor Wi-Fi security practices. With this said, the United States has relatively healthy Wi-Fi password practices. 37% of employees reported changing their password within the last month and 28% within the last six months.
An interesting thing about this survey is that it categorized which region of the United States the responses came from. The best password practices were on the West Coast, where 50% of respondents reported changing their password in the last month. Only 11% of midwest respondents followed suit.
Remote work hygiene
Remote workers reported fairly widespread poor remote work hygiene practices. The report lists several criteria it considers such as using a public Wi-Fi network, sharing work computers with family members, using non-work devices to access work applications and downloading applications that have not been approved by their IT department. This all translates into increased risk of data exposure.
Unlike Wi-Fi passwords, remote workers in the United States have relatively poor remote work hygiene practices.
- 23% worked on a public Wi-Fi network
- 33% downloaded a personal application without IT approval
- 36% accessed work applications on a non-work device
- 45% shared their work computer with a spouse or child
- Only 16% report never doing any of these
Use of personal entertainment applications
It was reported that 70% of remote workers use a company/organization computer for their remote work. However, as was shown by the last section, the lines become blurred between work and personal use. The survey asked about what services, applications and websites respondents accessed from their work computers, results for the United States presented below:
- 50% streaming services such as Netflix, Amazon, Hulu
- 62% YouTube
- 37% online gambling/gaming
- 17% adult entertainment
- 15% none
Implementing multi-factor authentication (MFA)
Accessing personal applications and websites remotely from work computers leaves them vulnerable to malicious actors who could get a hold of usernames and passwords. Implementing MFA helps prevent this by requiring extra authentication by email, SMS, voice or biometrics.
- 60% of remote workers in the United States report their organization has implemented MFA
- 30% said their organization has not implemented MFA
- 9% are not sure
Implementation of MFA in the United States is strong, with the southwest reporting 65% MFA implementation and the midwest reporting a relatively respectable 54%.
Respondents were asked if any of their online accounts had been compromised since working remotely and if so did they change their password. A staggering 62% reported that they had been impacted by a breach. Below are the responses from those compromised:
- 38% changed their password after breach
- 24% did not change their password after breach
This is frightening from an information security standpoint — what can be gleaned is that there are some workers who think breaches are not serious enough to perform nearly the simplest security action you can take to protect yourself.
The future of work
On the minds of many remote workers is whether this “new normal” is going to become the future of work. Respondents were asked if they think that work cultures will be realigned in favor of remote work after COVID-19. Their answers may surprise you:
- 50%: Yes
- 35%: No
- 15%: Not sure
Imagine if this question would have been asked just a year ago when only 3.6% of workers worked remotely! A little less surprising is how different regions of the United States responded:
- The West Coast led the country with 60%
- The Southeast were the least convinced, with 47%
- The most not sure about how this would change with 20%
With the massive increase in remote workers due to the COVID-19 pandemic, security for remote workers is more important now than ever. When deploying remote workers, organizations should think through the following factors:
- Remote work policies and expectations
- Provisioning work computers and other devices
- Onboarding and offboarding employees
- Access to business-critical applications
- Access to collaboration apps such as Microsoft Teams
- Network/VPN access
- Secure login capabilities