Employees pick up bad security habits while working from home
One in three employees has developed bad security habits while working remotely according to a new survey.
The study from human layer security company Tessian finds younger employees are most likely to admit they cut cybersecurity corners, 51 percent of 16-24 year-olds and 46 percent of 25-34 year-olds report that they’ve used security workarounds.
In addition, 39 percent say the cybersecurity behaviors they practice while working from home differ from those practised in the office, with half admitting it's because they feel like they're being watched by IT departments. IT leaders are optimistic about the return to office, with 70 percent believing staff will more likely follow company security policies around data protection and privacy. However, only 57 percent of employees think the same.
Over a quarter of employees admit they have made cybersecurity mistakes -- some of which compromised company security -- while working from home that they say no one will ever know about. While 27 percent say they have failed to report cybersecurity mistakes because of fears of facing disciplinary action or needing extra security training.
When it comes to concerns about returning to work, 54 percent of IT leaders worry that staff will bring infected devices and malware into the workplace. This is likely a valid point as 40 percent of employees say they plan to work from personal devices in the office.
The majority of IT leaders (69 percent) also believe that ransomware attacks will be a greater concern in a hybrid workplace, with legal firms and healthcare organizations particularly worried about this threat. In addition 67 percent predict an increase in targeted phishing emails, adding to the rapidly growing number of phishing attacks faced by organizations.
"The shift to an all-remote workforce was one huge challenge for IT leaders, but the next transition to a hybrid work model is poised to be even more challenging - particularly when it comes to employees' behaviors," said Tim Sadler, co-founder and CEO of Tessian. "Employees are the gatekeepers to data and systems, but expecting them to be security experts and scaring them into compliance won’t work. IT leaders need to prioritize building a security culture that empowers people to work securely and productively, and understand how to encourage long-lasting behavioral change overtime if they’re going to thrive in this new way of working."
You can get the full report from the Tessian site.