9 November 2020IT & claims management analysis

A third of US companies not practising basic cybersecurity protocols: Visual Objects

More than one-third (34 percent) of full-time employees at companies in the US are not practising basic cybersecurity protocols, according to a new survey report from Visual Objects, a visual guide to finding and hiring the best creative firms.

The report found that many US companies do not require secure wifi networks, two-factor authentication, VPNs, or password managers, and are not offering phishing training, despite the increased risk due to remote work.

Companies are hesitant to invest in cybersecurity due to the economic uncertainty caused by the pandemic, according to Darren Deslatte, vulnerability operations leader of Entrust Solutions, despite the potential impact of lax cybersecurity protocols.

“A single data breach can easily shutter a business forever, so it’s important to maintain your cybersecurity at all times, even in difficult circumstances,” Deslatte said.

Currently, 35 percent of employees are required to use a secure wifi network for work activities, making it more common than all other basic cybersecurity protocols, including VPNs (31 percent), two-factor authentication (31 percent) and phishing training (32 percent).

Cybersecurity professionals argue risk management practices such as phishing training should be more common, especially considering increased email communications during remote work. Phishing scams are the leading cause of worldwide cyber attacks.

Founder of information security firm Chicago Metrics, Edward Marchewka, advised companies to focus on phishing awareness for data security.

“I have worked at several organisations over the years, and every one of them has been a target of a phishing attack,” Marchewka said.

Employees at two-thirds (66 percent) of companies are contributing to cybersecurity risk management goals by taking home work computers, allowing employees to separate work data from personal files.

Experts believe that employees benefit from keeping work data and personal information on separate devices. Personal computers are more often used on public, unsecured networks that are more vulnerable to threats such as man-in-the-middle attacks.

As long as work devices have secure remote access systems and ransomware in place, employees are more likely to keep sensitive company data protected while remote.

Visual Objects surveyed 500 full-time US employees to gain insights into how companies are managing cybersecurity risks during remote work and COVID-19.

Read the full report here: