Remote work, or work from anywhere, is the reality for most organizations. However, organizations are still in the early stages of implementing security technology to accommodate the remote workforce, according to a recent report from Fortinet.
The insecurity of home networks, employees using company laptops for personal use, and compromised family devices infecting an employee's work device are considered to be the top security risks around work-from-anywhere, the company found in its "2023 Work-From-Anywhere Global Study." Just shy of three-quarters of respondents (71%) of respondents said the responsibility for protecting home offices falls on the corporation and service providers.
Of the 570 respondents, 40% had shifted back to being in the office full-time and 55% had some form of hybrid policy (remote work either one to two days or three to four days per week). Nearly two-thirds (62%) of respondents said their companies experienced a data breach during the past two to three years that could be attributed to an employee working remotely.
The survey asked respondents to identify which security solutions are the most important to secure remote employees, which security solutions have already been deployed within their organizations, and which areas they plan to invest in over the next 24 months. The results are uneven and show that organizations have much room for improvement in how they protect their remote workforce. While the top priority was network access control, only 58% said they have deployed network access control. In fact, only half of the respondents in the survey said they have implemented some of the fundamentals, such as installing antivirus on corporate devices (62%), enabling multifactor authentication (59%), and setting up a secure web gateway (53%). Barely half of the organizations have VPNs (51%) or require employees to run a firewall on personal devices (48%) despite the fact that they both were included in the list of 10 most important security technologies to protect remote workers.
Interestingly, those who have had a breach that can be attributed to a remote employee are more likely to be investing in antivirus for corporate devices, virtual private networks, secure access service edge, SD-WAN, and zero-trust network access. However, the report suggests that organizations are still figuring out what kind of protection to provide.
Not many organizations have deployed advanced security controls, such as zero trust networks (29%) or extended detection and response (XDR), but the interest in implementing them is high, at 72% and 79%, respectively. The fact that 92% of the respondents said they have plans to implement VPN in the next two years is a sign of just how far organizations have to go.