Remote work- and cybersecurity

In April 2020, just as millions of people in the UK began working from home, Capterra surveyed 491 remote workers from small businesses to find out how they were managing the transition and how the pandemic had affected cybersecurity

One year on, and with many restrictions triggered by the COVID-19 pandemic still in effect, 504 remote employees responded to a second survey containing the same questions. Here, we examine longitudinal changes in attitudes towards remote work, wellbeing, and cybersecurity.

Key takeaways from the survey include:

  • 72% of remote workers like working from home, a 4 point increase on 2020.
  • 40% of remote workers say that loneliness is a challenge – up from 26% a year ago.
  • Just over 1 in 5 remote employees have received IT security training.
  • More than half of remote employees don’t know who to contact in their own company for matters of cybersecurity, privacy, or compliance.

40% of remote workers say loneliness is a challenge

Respondents to the Capterra survey see similar benefits to working from home in 2021 as they did in 2020. The biggest of these is the lack of a commute, which more than half (54%) cite as an advantage compared with 37% last year. Other major benefits cited include a casual dress code (39%), the ability to adjust work hours around personal life (33%), and no distractions from colleagues (32%).

Although working from home generally gives employees the freedom to spend more time with family and create a better work-life balance, isolation from friends and colleagues remains a significant and growing issue. In 2020, 26% of remote workers surveyed said that social connections and/or loneliness were a challenge – ahead of more work-specific problems like internet connection problems (25%), too many digital messages (23%), and communication with colleagues (20%).

In 2021, the proportion of remote workers who say loneliness is an issue has jumped to 40%, and 35% now say that communication with colleagues is a challenge – moving it from seventh on the list of challenges to second.

Biggest challenges of working from home

Remote workers are keener than ever to stay at home

Despite the drawbacks, employees are growing more attached to working from home. Last year, 68% said that they “like” (46%) or “really like” (22%) working from home. After 12 months, the proportion of positive responses had risen to 72%, with one-third (33%) really liking remote work and 39% liking it. 

Remote employees are also optimistic about the ability of their organisation to operate fully remotely in the future. 54% now say that their company could function at its full potential with permanent remote working staff, with 19% not sure and 27% saying they don’t believe their company could successfully operate remotely.

The overall desire to continue working away from the office has also grown stronger – from an already strong position. In 2021, 43% say they would like to stay remote full-time once the pandemic is over, up from 32% last year. 45% now say they would like to keep doing so on some days only (down from 55%).

Continue working from home

Employers have also changed the way they manage a remote workforce, focusing less on the “what” and more on the “how”. In 2020, the most commonly cited areas where remote employees had received guidance were around working hours (42%), followed by communication (36%) and team meetings (35%). This year, team meetings were the top response, with 43% of remote employees saying they have received guidance with online meeting best practices.

Remote workers report fewer phishing attacks, but security precautions are rare

Cyber attackers have benefitted from the uncertainty of the COVID-19 pandemic and the isolation of remote workers to launch new and more frequent attacks. When surveyed in April 2020, 30% of remote workers said they had fallen victim to a phishing attack (defined by the UK government as “different methods fraudsters use to get you to disclose your personal information”) since the lockdown began. 45% of these attacks were related to the COVID-19 pandemic. This year, the proportion of remote workers who say they have fallen for a phishing attack since lockdown began has dropped to 17%. 

Despite this change in the landscape, as well as the newly fertile environment for attackers to operate in, the prevalence of security measures within businesses remains low, with little difference between April 2020 and March 2021. In 2020, just 20% of surveyed employees had received IT security training. This year, that figure is 22%. 21% say they never access links without checking the destination URL, up from 17% last year. Meanwhile, 27% of this year’s survey respondents use two-factor authentication, which is up from 22% in 2020.

Of the 15 security measures available for respondents to select, only two attracted responses from more than one-third of respondents: 38% of remote workers have installed antivirus software and 38% regularly install software updates. In 2020, no response received more than 32% (installing regular software updates).

Other popular security measures include locking work devices when unattended (33% – up from 31% in 2020), logging in to the company server through a password-protected VPN (30% – up from 23% in 2020), and following the instructions of a password management policy (29% – up from 25% in 2020).

Actions for secure remote working

Remote workers fall short on security and compliance measures

Password management and user awareness remain two of the most effective means of protecting small and medium enterprises, but the data shows some trends that may concern business owners.

The UK National Cyber Security Centre (NCSC) publishes guidance for small and medium businesses, which includes information about password management and phishing protection. The Capterra surveys show practices that contravene this guidance, albeit with some improvement between 2020 and 2021.

26% of remote workers surveyed use one main password across multiple sites, down from 33% in 2020. 37% of remote workers responding to the 2021 survey admitted that they share password(s) between their personal and business accounts (14% “always” and 22% “in some cases”). However, this represents a drop compared to 2020, where 52% admitted to sharing passwords between accounts (23% “always” and 29% “in some cases”). The NCSC recommends using unique passwords for important accounts, which includes work accounts.

Most employees using one “master” password say they change it fairly frequently: 37% having done  so in the past month and another 40% having done so in the past six months. However, the NCSC’s own guidance does not recommend changing passwords just for the sake of it and only suggests doing so if you suspect that an account has been compromised.

Finally, all organisations in the UK – including SMEs – should have at least one person responsible for handling matters of cybersecurity and compliance. It is important that employees know who this person is so they can quickly and directly report data breaches in line with their obligations under the European General Data Protection Regulation (GDPR). According to the 2021 Capterra survey, just under 50% of remote workers know who to contact within their organisation, 16% are aware of such a position but say they don’t know who specifically to contact, and 19% say their company has no such individual. This final figure has almost doubled compared with 2020, where only 11% said that their employer did not have anyone in charge of cybersecurity, privacy, or compliance.

Looking for Remote Work software? Check our catalogue!

*Survey methodology

To collect the data for this report, we conducted an online survey in March 2021 The responses come from a sample of the UK market. Of the total respondents, we were able to identify 504 respondents that fit within our criteria:

  • UK resident
  • Employed by a small or mid-sized business
  • Employed full-time or part-time
  • Working remotely as a response to COVID-19.

The participants come from various business sectors and levels of seniority.

NOTE: This document, while intended to inform our clients about the current data privacy and security challenges experienced by IT companies in the global marketplace, is in no way intended to provide legal advice or to endorse a specific course of action. For advice on your specific situation, consult your legal counsel.