ThreatList: Remote Workers Threaten 1 in 3 Organizations

remote workers cybersecurity risk

More than one-third of surveyed organizations (36 percent) said they have experienced a security incident because of a remote worker’s actions.

While IT leaders see the benefits of remote working and understand that millennial-friendly telecommuting is unlikely to go anywhere anytime soon, many still fear that the potential of employees to access corporate resources via public Wi-fi and the use of personal devices opens their organizations up to cyberattacks.

In an OpenVPN survey of 250 IT leaders, from the manager level through the C-suite, 92 percent of respondents said they believe the benefits of remote work outweigh the risks. At the same time, a full 90 percent said they believe remote workers pose a security risk in general. Also, more than half (54 percent) said they believe that remote employees pose a greater security risk than onsite employees.

And indeed, more than one-third of surveyed organizations (36 percent) said have experienced a security incident because of a remote worker’s actions.


Executives are particularly concerned about the risk remote workers pose, as nearly three-quarters (73 percent) of vice presidents and C-suite IT leaders believe remote workers pose a greater risk than onsite employees, compared to just 48 percent of IT managers and 45 percent of IT directors.

When it comes to the steps companies are taking to mitigate the risks of remote work, most (93 percent) have a formalized policy in place that applies specifically to remote workers, including requiring the use of hardware tokens or VPNs (74 percent), prohibiting workers from using their personal laptops for work (38 percent) and password managers (56 percent) a previous OpenVPN survey found that 25 percent of employees regardless of location use the same password for everything).

Most also require sensitive data to be encrypted (69 percent) and require security training for employees (66 percent).

Organizations also seem to grasp the importance of holding continuous cybersecurity education sessions for remote workers – a full 90 percent say their organization requires that remote workers take part in cybersecurity training. However, only 23 percent do so more than twice per year, with about a third holding sessions biannually (32 percent) and a quarter doing them only annually. About 8 percent only hold them during employee onboarding, and 11 percent have an e-learning platform for on-demand courses.

Yet, nearly a quarter of organizations (24 percent) haven’t updated their remote work security policy in more than a year. Nearly half (49 percent) of IT leaders say they only somewhat agree that remote employees adhere to remote work policies at all. And just 44 percent of organizations do not let IT teams take the lead role in developing those policies.

The role of IT departments in developing policy seems to correlate to outcomes, with well over half (57 percent) of organizations that hadn’t experienced a remote worker-caused breach relying on an IT-led effort. In contrast, only 49 percent of IT departments led security planning for companies that had experienced such an incident.

With 4.3 million employees in the US (3.2 percent of the workforce) now working from home at least half the time, businesses would do well to consider how to shore up the security around the trend.

“There’s no stopping the embrace of remote work,” according to an OpenVPN blog post. “The modern work trend offers many benefits to organizations, such as greater access to talent and increased employee engagement. But it also creates unique security challenges — which organizations across the board aren’t yet equipped to handle. Remote work’s rise isn’t slowing for anyone, so organizations must prioritize the refining of their policies sooner rather than later.”

Suggested articles