AFC CHALLENGES
Graphic 2 : Visual depiction of a VPN tunnel
Internet
VPN Tunnel
Source : Website Rating 5
Residual risk
Of course , the answer is not going to be as simple as “ company-issued devices and VPN ,” as we live in a world where good solutions are rarely simple , and even great solutions often leave gaps . According to one report , 20 % of organizations have experienced some sort of cyberattack as a result of a remote worker since the start of the COVID- 19 pandemic . 6 Even in the environment described above , there is still the risk that an employee will attempt ( and probably succeed ) in moving data stored on a companyissued device to a personal device . Files can be transferred via email ( and not always the secure kind ) and file-sharing sites , and even an organization ’ s own cloud backup provider could be used against them to transfer files from a secure network to a private device .
There could be various reasons why an employee would transfer sensitive corporate data to a personal device to work on it from there , and many of these reasons may not be malicious in nature . Some possible reasons are listed below :
1 . Convenience : Employees may prefer to work on the data from a personal device because it is more convenient . For example , they may have certain software or tools installed on their personal device that are not available on their work device .
2 . Flexibility : Employees may need to work on the data outside of regular work hours or from a location where they do not have access to the company network . For example , while traveling .
3 . Productivity : Employees may believe that they can be more productive working on the data from their personal devices , perhaps because they are more comfortable with the device or have more control over their environment .
4 . Collaboration : Employees may need to collaborate with others who are also working on the data from their personal devices , or they may need to share the data with others who are not part of the organization .
5 . Security concerns : Employees may be concerned about the security of their work device or the organization ’ s network and may feel that their personal device is more secure ( perhaps erroneously ) than a companyissued device . ( IT personnel , I am looking at you .)
There are likely other reasons why an employee would do this , such as a malfunction of the company-issued device , the desire to use more processing power or to multitask , or a preference to use a personal computer instead of the company-issued device when the user is surfing the web while working . Graphic 3 depicts the large percentage of remote workers in organizations .
28 acamstoday . org