Employee education has been at the forefront of security actions taken by organisations to meet the challenges of remote work scenarios during the COVID-19 pandemic and beyond.
According to new research by ManageEngine, the enterprise IT management division of Zoho Corporation, 67% of organisations raised employee awareness around security threats and 66% provided training on cybersecurity.
Despite this increased focus on education, many organisations are facing ongoing challenges in their IT management. Notably, ManageEngine’s latest Digital Readiness Survey, which polled more than 300 IT professionals in the UK, highlights that employees don’t appear to be fully engaged with these best-practice initiatives.
Over three-quarters (76%) of IT purchases are being made without direct approval from IT teams, creating a disconnect between them and other departments and opening the organisation up to security vulnerabilities from unpatched software.
Fewer than half (47%) of organisations have adapted their company security strategy, either by introducing new solutions or configuring the existing architecture to reflect the changing ecosystem, despite the litany of concerns that come with managing a remote workforce. Even fewer, only 42%, monitor employee devices to ensure their security.
Sridhar Iyengar, managing director, Zoho Europe, comments, “Educating employees is just one facet of a successful security strategy. In many organisations, the advice and processes being shared with employees by IT teams aren’t always translated into action.
“The increased adoption of mobile devices in organisations has improved employee efficiency, but it has also added to the IT department’s corporate data security burden. IT teams, therefore, need to become more proactive by considering implementing device management solutions that deliver secure corporate access to users.”
With 95% of companies planning to continue supporting remote workers for at least the next two years, determining how to adapt and enforce security strategies is critical given the rise in security threats. Almost half (45%) of organisations have experienced an increase in phishing, followed by increases in account hijacking (38%), social-media-based attacks (36%) and endpoint network attacks (34%).
Key to tackling these emerging threats upfront is placing a renewed focus on the consultative role of the IT department and its leadership within the organisation, according to Chris Windley, chairman and CEO of the Cyber Security Association.
Speaking at ManageEngine’s recent Digital Readiness Roundtable, Windley comments, “The level in which IT is embedded within the wider organisation still varies depending on the business. This disconnect, in terms of level of authority and lack of sufficient operating budget, is leading IT professionals to become ‘yes/no people’ as opposed to informed consultants to other teams. There needs to be a more collaborative approach in terms of how the IT team works with the business as a whole, and how it enables access to the right tools and software to ensure cyber and data security, and integrity.”
Iyengar adds, “For many businesses, remote work in some form, and with it the range of security threats, will continue after the pandemic. The way in which businesses utilise their IT teams needs to evolve so that these professionals aren’t purely called upon to limit damage after a problem arises.
“Instead, IT teams should fulfil a consultative function to offer advice and best practices to prevent issues from surfacing, and they should have the practical authority needed to effectively manage the whole gamut of IT requirements, from purchasing new software solutions to handling user permissions and networks.”