Blocking porn sites didn't stop remote workers from accessing them – or fix browser security issues, according to new research. Here's how companies are rethinking work-from-home policies.

  • The cybersecurity company Netskope has released new research showing that traffic to porn sites from corporate computers is up 600% in the work-from-home era.
  • Yet many big companies are unblocking adult websites as they revisit their policies on home use of work computers. 
  • Blocking websites often doesn't work, Netskope researcher Ray Canzanese says, and many corporate bans fail to block the most dangerous websites. 
  • Flagging dangerous sites and coaching employees to understand safe remote use of work laptops is more effective, Netskope says. 
  • Part of this new approach is an empathetic understanding that employees' work lives have changed dramatically in remote work, Canzanese says.
  • Visit Business Insider's homepage for more stories.

Employees accessing porn on their work laptops climbed 600% from the COVID-19 migration until the end of June, according to new research from the cybersecurity company Netskope. Yet many big firms are responding to that by unblocking adult websites as they revisit effective remote work policies, the firm says. 

"Risky web browsing has been slowly climbing month-over-month," says Ray Canzanese, director of Netskope Threat Labs, and author of the research. "In a lot of cases we have our customers choosing not to block things." 

The reason? Blocking doesn't work, but "coaching" employees does. Netskope helps companies monitor and secure how their employees are accessing the web and using cloud software such as Google Drive, Dropbox, and Slack. Netskope's software analyzes employee activity and notes when there's something suspicious going on, helping the IT department respond to incidents.

"By repeatedly coaching and educating employees on proper security hygiene, it will allow them to better understand the proper protocol when they're in the office or even working remotely," says Sanjay Beri, the CEO of Netskope. "As the line between home and office continues to get hazy, malicious cybercriminals are looking for areas of weakness. Now more than ever, companies need to ensure that security is baked into company culture so employees can follow accordingly."

And many porn sites aren't that dangerous, from a cybersecurity standpoint: Your friend's blog about gardening could be much worse, the new research shows.  

Many of the malicious threats that Netskope's cybersecurity cloud platform detects and blocks are hosted on websites that aren't blocked by corporate policies, the research found. There are more threats associated with personal websites people have set up themselves and blogs – and traffic to that category has doubled during the pandemic.

Netskope urges companies to address the threats, wherever they are, rather than just implementing blocks on certain kinds of sites.  

"We see organizations making this transition during COVID," the researcher Canzanese says. "It used to be 'let's just block everything'  because if everything is blocked, you're only allowed to do work."

Except it doesn't work that way, Canzanese says. "When you say 'no, you can't do that' the normal human reaction is to say, 'Yes I can, and I'm going to find a way to do it. There must be another way around it.'"

That begins a cat-and-mouse game with employees that doesn't address the biggest threats from malicious websites, Netskope found. "Malicious content is all over the place," Canzanese says. "Personal sites and blogs are one of the places that we see a lot of malicious content, but in truth we see it all over the web." 

Canzanese says coaching employees in acceptable use of their laptops during remote work is much more effective. If a pop-up asks an employee if they really want to visit a website that is risky – like a porn site – between 80% and 85% of employees don't click through, the research found. 

Discussing policies with employees rather than declaring bans is much more effective, in part because the work-from-home environment has evolved to a distinctly different environment than the on-premises office. Employees may use one device for both work and life obligations in a way they didn't when their job was more clearly delineated from their life. 

Steve Albrecht, an expert in the intersection of cybersecurity and human resources who consults with government agencies and companies, says he agrees that coaching on remote work behavior is important as quarantined work life continues: "Work life is completely different for many employees, and it's important that employers understand their situation. A lot of organizations were caught off guard, and need to play catch-up on re-evaluating policies."

Changes in behavior are inevitable as remote work continues, Canzanese says. Access to educational apps leapt 450% this year, as parents need to help kids with schoolwork. Traffic to shopping sites on work laptops has continued to climb as employee try to cut down on physical retail. Streaming of Netflix on remote laptops is up as remote workers stay sane by watching their favorite TV shows. 

How employees visit these websites and engage in these activities is what's important, and policies must take into account the world of remote workers, Canzanese says. "If you help your kids do their homework online, that's very different from handing off your work laptop to them for hours unsupervised."

Regulated industries like finance are still keeping strict rules in place. Those industries must, by law, block some areas of the web, Canzanese says. 

But for most, a more empathetic approach that appeals to employees as partners is good cyber hygiene is part of the digital transformation many companies are going through. "I think cybersecurity has been heading this direction for several years," Canzanese says. "And COVID just gave it a huge push."

Source: Read Full Article