Here's how employees in the US, UK, France and Germany are putting systems at risk, according to CyberArk.
As companies have responded to the coronavirus pandemic by shifting employees from the physical workspace to the home office, the remote working environment has greatly expanded—and with this new normal, come some challenges to corporate security.
A survey from CyberArk released on Wednesday shows exactly how remote employees are compromising security. Looking at the work-from-home habits of 3,000 employees and IT professionals in the US, UK, France and Germany in April, the survey revealed that behavior such as reusing passwords or allowing family and friends access to corporate devices, is compromising business systems and making sensitive data vulnerable to cyberthreats.
"The security posture of organizations continues to be tested as many remote employees face daunting challenges balancing productivity and security across their professional and personal workspaces," said Marianne Budnik, CMO of CyberArk, in the press release. "As more organizations extend work-from-home policies for the long term, it's important to capture lessons learned from the initial phases of remote work and shape future cybersecurity strategies that don't require employees to make tradeoffs that could put their company at risk."
SEE: Top 100+ tips for telecommuters and managers (free PDF) (TechRepublic)
According to the survey, 77% of employees working from home are accessing corporate systems via insecure "BYOD"—or "bring your own device." Additionally, two-thirds of respondents (66%) report the use of collaborative software such as Zoom and Microsoft Teams, which have been criticized recently for security flaws—in the case of Zoom, this included uninvited users "Zoom bombing" graphic images, and the leaking of private material.
The habits of work-from-home employees may arise from the different attitudes around security workers have while at the office versus at home. It could also result from the increased pressure facing remote workers who, during COVID-19, are dealing with a range of other responsibilities—like home-schooling children or taking care of parents—and the study found that working parents were particularly lax with security measures. Nearly all respondents, 93%, report reusing passwords for application logins and for devices. Nearly a third (29%) have given access to these applications or devices to family members. And more than a third (37%) save passwords on web browsers of their corporate devices.
The big takeaway from the survey is that IT teams need to do more to ensure that remote workers are securely managing devices and applications while away from the office. A whopping 40% of respondents have not increased security protocols during the new remote work era, even as 94% of IT teams report confidence in security in the remote workforce.
SEE: Security Awareness and Training policy (TechRepublic Premium)
As working from home is expected to continue, even after the pandemic subsides, the risky security practices of employees should be a top concern for CXOs, who should be vigilant about protecting their companies most critical assets, according to the report.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Kubernetes security guide (free PDF) (TechRepublic download)
- Information security policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)