Research

1 in 5 IT Security Pros Admit Their Work Devices Have Been Used by Other Members of Their Household

• By Rhea Kelly
• 04/14/21

In a recent survey, 60 percent of IT security practitioners agreed that remote work conditions during the COVID-19 pandemic have created data security issues within their organizations. And while 75 percent have put COVID-centric security policies in place to address the changing dynamics of remote work, the survey revealed a number of areas where respondents' security practices and attitudes were more relaxed than one might expect.

Hardware encryption company Apricorn polled 420 IT security professionals worldwide about their security practices and policies during the past 12 months of working remotely. Just over 15 percent of respondents work in the education sector. Nearly 40 percent have a 16- to 20-year tenure working in IT security, and 25 percent said they make decisions about their organization's IT offerings. Among the findings:

• Nearly 20 percent of respondents admitted that their work devices had been used by other household members during the period of remote work.
• 38 percent agreed that data control during the pandemic has been very hard to manage.
• While 70 percent said they want an encrypted USB policy within their organization, 40 percent did not have plans to roll out a corporate USB program. And 45 percent said their organization allows the use of personal USB devices without corporate oversight.
• 27 percent said they are not concerned about loss of data through third-party vendors, even though 45 percent have increased the number of vendors with which they work.
• 25 percent reported they are not concerned about cloud security, although they have seen an increase in cloud usage during remote work.
• 30 percent said they are concerned about cloud security but have "strong processes" to manage data stored in the cloud; 19 percent shared the same concerns but did not have cloud storage policies in place.
• Just under half of respondents (49 percent) said individual employees in their organization do not consider themselves targets for attackers seeking to access the organization's data.

"The pandemic has thrown up many challenges this year, but data protection should not have been one of them. It should not be an afterthought, incorporated into the business strategy as a result of an incident or as a reactive response to regulatory issues such as GDPR, but core to business operations and security best practice," the report concluded. "With remote working set to continue post-COVID-19, it has become even more important that organizations worldwide should be both coherent and proactive when it comes to a multi-layered, data-centric approach to cybersecurity that incorporates the information lifecycle in its entirety — across people, process and technology."

The full report is available on the Apricorn site (registration required).