Risky online behavior surges under lockdown
Surveyed during the lockdown period, 67 percent of security professionals report that they have caught employees engaging in unsafe or unproductive activity on the web.
The study of 300 cyber security professionals from cloud security company Censornet finds the most common bad behaviour is employees using streaming services at work such as Netflix or Amazon Prime (35 percent).
However, many are also bringing potentially harmful content onto the corporate network, 27 percent report that they have caught employees downloading pirated material on work devices, 21 percent have caught employees visiting adult sites at work and 21 percent say employees have bypassed web security to access blacklisted sites on the company network.
"Due to flexible working hours and more relaxed access policies on work laptops, the boundaries between work-life activities have become blurred - for everyone," says Ed Macnair, CEO of Censornet. "We were quite shocked to find that even the security employees themselves had admitted to breaking some of the cardinal rules of web security. However, at this uniquely challenging time, with an unprecedented shift to new IT practices and COVID-related cyber attacks -- trying to mitigate the dangerous actions of employees is not an added complexity the security team needs. If these bad practices are left unchecked, it is ultimately the security team’s job that is made harder."
There are also a number of risky cloud behaviors, 41 percent found employees using the same password across multiple accounts, 33 percent caught employees storing sensitive data in the cloud without proper protection in place, 26 percent have found employees sharing links to documents in the cloud to third parties without authorization, and 23 percent report that employees have shared their cloud service logins with other people.
But the study also shows that security professionals are underestimating the risks. 91 percent of respondents believe that their cloud security solutions are adequately protecting people at home, and the same percentage also believe that their organization's cyber security strategy was prepared to support colleagues working from home.
Macnair adds, "Cloud services are now ubiquitous, used by almost all organizations, and yet they are often a blind spot when it comes to security. The higher rate of dangerous behavior demonstrates that employees do not recognize that -- by failing to put proper security protection in place and sharing access with people outside of their organization -- they are either accidentally or intentionally creating security breaches and data leaks. We see major data breaches due to misconfigured cloud services in the news almost weekly. These have very real consequences: financial loss, legal and regulatory action, and -- ultimately -- customer attrition. Companies and their employees have to take these breaches incredibly seriously."
The full report is available from the Censornet site.