SailPoint Technologies Holdings, Inc. (NYSE: SAIL), the leader in identity security, today released an international study revealing security pitfalls that stem from remote work. The human workforce always comes with a certain security risk level, as hackers continue to target people as the enterprise’s weak link. Yet, with the COVID-19 shutdowns, and the subsequent need to enable remote work by opening up access to entire workforces, many organizations inadvertently opened the door to expansive risk. The survey uncovered several security threats with every worker whose access was freely granted without proper security controls in place, including phishing attempts, using personal devices for work and vice versa, and sharing passwords with friends and family.
HR Technology News: BetterUp Promotes Dr. Gabriella Rosen Kellerman to Chief Product Officer
“When the pandemic began, businesses had to flip a switch to enable remote work nearly overnight. In this rush, many companies focused on granting access, skipping over the securing of that access. This resulted in an explosion of unsecured technology access across the business,” said Juliette Rizkallah, CMO, SailPoint. “You cannot do business today without technology, and you cannot securely use technology without identity security. Companies are recognizing how foundational identity security is to their business as we continue to work from home. Those who had identity security in place were set up for success, while those without strong identity security programs found themselves in an unexpected risk management time crunch.”
SailPoint’s survey engaged a representative sample size of consumers 18+ across the United States, the United Kingdom, France, Germany, Australia, and New Zealand, digging into seemingly innocent overlaps that a newly remote employee may experience during life working from home. While the COVID-19 pandemic is the worst health crisis seen in nearly a century, bad actors view it as a way into a company. Nearly half (48%) of total U.S. respondents said they had experienced targeted phishing emails, calls, or texts in a personal or professional capacity during the first six months of remote work. Similarly, over half of EMEA and ANZ respondents (51%) experienced a phishing attack since the pandemic began, with one in ten (10%) reporting they were targeted by one or more a week.
Rizkallah commented, “In the case of phishing, hackers target employees with malicious links embedded in carefully crafted emails. Upon clicking, employees unknowingly download keylogging software onto their PC providing their credentials to malicious actors. A hacker can then freely access important business assets and data, masquerading as a legitimate employee. With identity security, suspicious user behavior anomalies such as large data downloads, or after-hours activity, can be quickly spotted and remediated by making users change their password or by revoking access until anomalies are analyzed and cleared.”
HR Technology News: How Microlearning Can Help You Take Control of Your Career Growth