Remote Employees and Cybersecurity: Are Price-Conscious Workers Creating Security Gaps in Your Organization?

Where do you draw the line for your organization’s cyber protection? At the perimeter of your building? At the limits of your physical infrastructure? Or out to all company-issued endpoint devices, wherever they may be?

BlackBerry recently conducted new research in Europe revealing key gaps in organizational security, particularly those related to remote employees. Findings indicate that corporate endpoint devices deployed in employees’ homes frequently share networks with a growing number of “smart” — and potentially insecure — domestic devices. We further found that remote employees do not prioritize security when they purchase IoT (Internet of Things) devices for their homes. (See the BlackBerry infographic for more research detail). 

Let’s look at some of the results of the study, where BlackBerry asked 4,000 homeworking employees across the UK, France, Germany, and the Netherlands for insight on their smart device purchase decisions, and provision for home security by their organizations. The results highlight a substantial – and growing – gap in cybersecurity protection.

Homes Are Getting Smarter, but Not Necessarily More Cybersecure

Across Europe, consumers are adopting and installing a record number of new smart technologies in the home – from connected appliances to electric vehicle (EV) charging stations, to wireless security cameras, doorbells, and thermostats. 

In the Netherlands, 4.5 million households implemented smart devices at home in the past year. In the UK, more than 15 million households installed a smart utility meter to monitor their own electricity usage — following a 2021 energy crisis where prices surged. And in Germany, homeowners are implementing smart thermostats that promise cost and energy savings of 20% or more.

At the same time, the research reveals that cost-conscious buyers fail to prioritize security in their smart device purchases. 

• 68% of European homeworkers do not identify security among the top three considerations in their smart device purchases. 

• 28% say their employers fail to put adequate security provisions in place to extend cyber protection across their home networks.

• 75% say their employers have taken no steps at all to secure their home internet connections or to provide software protection for home devices. 

Together, this can dramatically heighten the risk of cyberattacks for both businesses and their employees, as hybrid and home-based working become the norm. When consumers drop their guard to focus on price, and businesses don’t extend their security cover to compensate, cybercriminals can take advantage of these unsecured access points. That can lead to the theft of valuable personal and corporate data.

Smart Home Devices: A Growing Threat Vector

As the diversity and complexity of the IoT ecosystem increases, so does the opportunity for cyberattacks. European Commission President Ursula von der Leyen summed it up during remarks on cybersecurity: “If everything is connected, everything can be hacked.”

Even the most innocent of home devices can allow bad actors to access home networks — often with connections to company-owned devices, or company data residing on consumer devices — leaving organizations vulnerable. Our research reveals that too often, the responsibility to safeguard these connected devices is left to the employee and device manufacturers.

Adding to this challenge is the recent global hike in the cost of living, along with escalating geopolitical conflicts and a growing cybersecurity insurance gap. Past developments, similar to these, created the ideal recipe for increased cyberattacks. For example, cybercrime increased during both the global financial crisis of 2008-2009 and again during the height of the COVID-19 pandemic.

Such periods of economic instability and social disruption tend to compound the challenge of implementing more effective cybersecurity, and the current proliferation of hybrid and home working practices — especially in homes that are getting “smarter,” but not necessarily more cybersecure — means we may experience a similar spike in cyberattacks during the coming months

Crucially, organizations need to include devices beyond their immediate reach as they consider their cybersecurity protection while preparing for challenging economic times ahead.

Closing the Smart Device, Cybersecurity Gap

How can organizations help close this work-from-home cybersecurity gap? Here are three places to start:

1. People: Begin with a policy for remote employee security, then back it up with training. Our research found only 26% of companies established a cybersecurity policy with advice for smart devices/home working.
2. Process: In our experience, most issues are rooted in inadequate preparation. The SANS Institute incident response cycle offers an accessible guide and a process framework that the CylanceGUARD® team at BlackBerry uses for "blue team" testing. It starts with preparation and continues through identification, containment, eradication, and recovery in the event of a breach.
3. Technology: Talk to BlackBerry for help assessing and remediating the exposure that hybrid work poses to your company, and how to ensure protection across the entire landscape of cyber risk. Visit BlackBerry.com/Cyber for more information — and to start closing this gap.

Related Reading

• Why New Cyberattacks Against Russia Matter to SMBs Everywhere
• The Cyber Insurance Gap: What Is It, and How Can We Close It?
• Cybersecurity and the Future of Trust: BlackBerry LIVE Interviews CISO John McClurg