2020 SANS Remote Workers Poll

2020-sans-remote-workers-poll



Download Now

Extrahop

Provided by:
Extrahop

Topic:
Security

Format:
PDF

See how the tech workforce has adapted to work-from-home and how organizations have navigated the new challenges posed:

  • Learn what resources are the priority for remote workers

  • Find out the biggest barriers to efficiency

  • Get insights on data accessibility—and security



Download Now

Which workers are your biggest security nightmare? It might not be the people you expect

which-workers-are-your-biggest-security-nightmare?-it-might-not-be-the-people-you-expect

Businesses need to approach cybersecurity in a way that resonates with employees, namely by putting them at the centre.

Business leaders may need to rethink how they offer cyber security awareness training to younger employees, after a report from PwC suggested that Millennials and Gen Zers are most likely to flout IT policies that they feel are over-restrictive.

The latest PwC Workforce Pulse Survey found that employees between the ages of 18 and 39 could be exposing their organisations to greater cybersecurity risks because of their own attitudes toward technology and how they felt about their employers’ cybersecurity polices.

In particular, the survey revealed that 41% of 18-39 year-olds felt it was “burdensome and restrictive” to comply with all of their employer’s security guidelines, with 60% of Millennials (ages 24-39) and 61% of Gen Zers (ages 18-23) feeling they should be allowed to take more risks if it meant greater ease of use.

In practice, this meant younger employers were more likely than their older peers to use
technology that has been banne

d by their bosses: 44% of Millennials admitted to using their work devices to access apps and other software than had been expressly prohibited by their employer, compared to 45% of Gen Zers and 37% of respondents in other age groups.

While some might be quick to moan about the youth of today, PwC suggests that the findings indicate a wider cultural issue around how companies structure workplace cybersecurity training, compounded with the many issues that employees currently
face while working from home.

SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)

“Employees want the same fast, convenient, frictionless tech experience they have in their personal lives to happen at work,” said the report.

“The user experience of enterprise technology isn’t always as seamless as it could be. And with so many people working from home, the need for reliable, user-friendly apps and programs that enable collaboration, creativity and communication has never been higher.”

While IT leaders said they have upped the volume of cybersecurity training and
increased investment in technical solutions,

employees themselves seem to be less aware of the steps their organisation is taking to safeguard them. For example, nearly 70% of CISOs and CIOs surveyed by PwC said they had increased security training as a result of COVID-19; yet only 30% of employees said their employer offered training on the dos and don’ts of protecting company assets and data.

Similarly, less than a third of respondents said their employer had provided dedicated devices for doing work at home, and only 23% said their company had “provided a compelling case for why employees need to have good data security habits.”

PwC pointed out that much of businesses’ cybersecurity activities happen behind the scenes, meaning employees may not always be aware of the efforts being taken to protect them on a day-to-day basis. However, the report suggested that “the lack of awareness around more visible tactics,” such as additional training, indicated that “efforts leaders are making to help increase their employees’ cyber acumen simply aren’t resonating.”

SSL certificate best practices policy (TechRepublic Premium)

Another problem businesses face is grappling with the stigma of flagging cyber security incidents when they occur. Only 26% of respondents to PwC’s survey said they could escalate a security incident they may have caused without fear of reprisal from their boss. This suggests that data breaches and other cybersecurity incidents are not being reported as soon as they occur, potentially leaving company systems exposed for longer and increasing the severity of the breach.

“It’s important to reinforce the message that it’s okay to elevate a security risk,” the report said.

“Consider implementing a zero-tolerance policy on retribution or creating a channel for people to report security risks anonymously. The more willing people are to report a risk, the faster you can identify and contain the fallout.” 

Bringing about the necessary culture change to improve workplace cybersecurity means changing the messaging and communication with employees as well as providing incentives that offer them career development, PwC concluded.

This could include awarding certifications or badges to cybersecurity “ambassadors” that can be recognised in the talent market, as well as introducing incentives and rewards for good cybersecurity habits. At the same time, businesses should amend security policies so that they reflect employees’ personal concerns, rather than focusing on implications for the company, PwC said.

On the technology side, employers should pay more attention to the user experience when choosing technology and designing policies, and ask employees to offer their input.

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays



Sign up today

Also see

Remote workers aren’t taking security seriously. Now that has to change

remote-workers-aren’t-taking-security-seriously.-now-that-has-to-change

IT teams help can mitigate the risks of shadow IT by being more flexible and adapting to the needs of remote workers, according to a new study.

UK businesses must tackle the dangers posed by ‘shadow IT’ as coronavirus restrictions are lifted and offices begin to reopen their doors again.

Remote working has led to a heavy reliance on productivity software and other forms of collaboration tools to keep businesses running amid COVID-19. However, organizations have also lost oversight on the apps and services being used by employee to conduct business, raising a variety of fresh cyber security concerns for IT teams.

Research commissioned by Citrix and carried out by OnePoll has highlight the extent of this problem. In to a survey of 7,500 office workers in Germany, the US, UK, Australia, Canada, France and the Netherlands, 43% of UK  admitted to using software and tools on their work computers that had not been approved by their IT department – or had been explicitly prohibited.

Of those using “shadow” systems – that is, technology and software not approved or managed by their organisation’s IT team – the most common example was unauthorised video conferencing applications, in which nearly half (48%) of employees admitted to using, followed by instant messaging software at 45%.

To avoid
shadow IT

and to make businesses more secure in a future with more office workers working from home, IT teams will need adopt a more “digitally-forward culture” that is more flexible, adaptable and able to anticipate employees’ remote working needs, Citrix said.

SEE: Shadow IT policy (TechRepublic Premium)

Darren Fields, VP of Networking EMEA at Citrix, told TechRepublic: “The rapid shift to working from home has created the conditions for shadow IT to become an increasingly important issue. Whilst it is understandable that employees needed to adapt quickly to new pressures and concerns, given the global pandemic, it is important that businesses tighten up on these procedures going forward in order to safeguard their organisation from external threats.”

Citrix isn’t the only organization to have spotted this trend: 
a recent study from Trend Micro

 also found people showing a lax attitude to following their company’s IT security policies, with 56% of respondents admitted to using a non-work application on a work device and a third of respondents saying they did not give much thought to whether the apps they use are approved by IT or not.

Earlier research also commissioned by Citrix found that seven in 10 respondents were concerned about information security as a result of employees using shadow IT or unsanctioned software, with three in five seeing shadow IT as a significant risk to their organisation’s data compliance. However, the same proportion also thought the use of informal software and applications by employees was generating more innovative approaches to teamwork and collaboration.

SEE: Working remotely: A professional’s guide to the essential tools (free PDF) (TechRepublic) 

Fields said employers needed to plan for the fact that remote working would become more commonplace in future and “get a better handle of the situation” to ensure “bad habits don’t become commonplace.”

Overall, employees appeared optimistic that companies would meet their expectations for the new normal: nearly two thirds of those polled (65%) believed employees would show a better understanding of the “human factor” in the workplace, while 47% percent agreed that the coronavirus crisis experience would “help soften established corporate hierarchies.”

“Technology equipment aside, employers should also keep an eye on their employees’ well-being in the new world of work,” said Fields.

“In this new, sometimes unusual situation, some people have a hard time drawing a clear line between their business and private lives. This is completely understandable, especially when both occur within the same room, or even at the same table.”

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays



Sign up today

COVID-19: Gen Z workers are struggling with careers and worried about the future

covid-19:-gen-z-workers-are-struggling-with-careers-and-worried-about-the-future

Interviews cancelled, reduced hours and pay, and furlough: Gen Z gives insight into its uncertain future in a new study from CollegeFinance.com.

Image: Getty Images/iStockphoto

Boomers had the Vietnam War, Gen X had 9/11, and millennials had Columbine (which started the swath of school and workplace gun tragedies). Now, Generation Z has the worldwide coronavirus pandemic. Each generation witnessed or experienced watershed events that greatly affected many lives. On July 1, the highest number of US COVID-19 cases for a single day were recorded: 50,000. 

Gen Z found itself in an unprecedented situation. The first “class” of Gen Z graduated from college in May 2019 and unceremoniously lost jobs or had their work situation dramatically change. The next Gen Z class was high school seniors, and from mid-March to their virtual graduations, they finished that iconic year in near isolation from peers.

SEE: Coronavirus: What business pros need to know (TechRepublic)

While they may have a lot to say, they’re also extremely uncertain about how the pandemic will affect their careers, according to a study by College.Finance.com. The COVID-19 recession has directly impacted their finances. Nearly half of respondents (49%) said COVID-19 hasn’t made them reconsider jobs or careers, 21% said they weren’t sure if it would, and 31% were actually looking forward to considering new careers and jobs. 

About one in five employed said they’d consider going back to school to change their professional career goals. 

Image: CollegeFinance.com

Gen Z respondents to the survey said:

  • 46% said their job paths or careers were less stable than previously expected

  • 42% claim to be absolutely unaffected by COVID-19

  • 13% said the virus brought about stability to their jobs.

  • 48.7% said it’s very unlikely they’ll change their career or job due to the coronavirus

  • 30.6% said they are likely to find a new career path

  • 20.7% are unsure if they will or won’t change their trajectory

  • 21% of employed respondents are considering  a change to their careers

  • 27% of those with student debt were most interested in going back to school

  • 14% of those without student debt wanted to go back to school

Those who were seriously considering returning to school said they’d be willing to take on $15,465 in student debt to do so.

A whopping 65% of Gen Z Americans are thinking about returning to school, because of the economic impact of the virus and felt their planned career paths were much less stable. Others who are contemplating a return to school:

  • 16% are working in retail

  • 14% are working in hotel, food services, and hospitality

Image: CollegeFinance.com

The most appealing industries to those who want to change jobs were:

  • Technology 15.9%

  • Medical and healthcare 9.6%

  • Finance and insurance 7.9%

  • Information services and data processing 7.3%

  • Education 7%

  • Construction and manufacturing 6.3%

Most interested in changing careers? Those in education (62%), technology (57%) and construction and manufacturing (56%). The education industry has not held the interest of 28%, who are now interested in pivoting into the tech industry. Those with jobs in tech (29%) were most interested in finance and insurance. 

Some Gen Z workers consider changing jobs

For a generation without a lot of practical work experience (and the savings to survive the pandemic) it’s a good deal of uncertainty and  frustration.

COVID-19’s effects are less-favorable than more favorable, said working Gen Zs:

  • 34% experienced cancellations of planned job interviews

  • 30% have had their hours reduced

  • 19% were offered less pay

  • 12% were furloughed

The effects of COVID-19 are tough on the working life of Gen Z. Respondents said the average salary decrease for them was $6,000. Only 29% said COVID-19 had no impact on their jobs.

Among those who are thinking about a career change:

  • 40% are interested in positions of essential workers (includes 47% millennials)

  • 27%–the least likely to consider a job in essential careers

  • 16% were considering technology

  • 10% were considering healthcare

  • 8% were considering finance and insurance. 

Job outlook for the second wave

Around 71% of Gen Z said they fear going into the job market because of the instability the potential second wave of the virus would cause, and 60% of employed workers believe a second wave would negatively impact their jobs; 23% are worried about being laid off.

Of those whose job stability wasn’t affected by COVID-19, 26% will be on the lookout for a career change when the second wave hits.

Even though President Donald Trump said on July 1 he believes the virus will go away this month, about 60% of employed Americans are afraid that a second wave of the coronavirus will have a negative impact on their jobs, and 23% are afraid of outright layoffs.  

Methodology

CollegeFinance.com surveyed 1,007 people from the ages of 18 to 70 to explore how COVID-19 affected career and job outlook. Survey respondents included a sample of 189 people identifying as Generation Z in order to explore their outlook on jobs and interview or job application experiences since the COVID-19 outbreak.

Also see