Many security leaders believe that employees have picked up bad cyber security habits since working remotely

Published: Tuesday, 15 June 2021 09:53

A new report from Tessian reveals that a majority of IT leaders (56 percent) believe that their employees have picked up bad cyber security behaviors since working from home. As organizations make plans for the post-pandemic hybrid workforce, Tessian’s Back to Work Security Behaviors report reveals how security behaviors have shifted during the past year, the challenges as organizations transition to a hybrid work model, and why a fundamental shift in security priorities is required.

According to the report, younger employees are most likely to admit they cut cybersecurity corners, with over half (51 percent) of 16-24 year olds and almost half (46 percent) of 25-34 year olds reporting they’ve used security workarounds.

In addition, two in five (39 percent) say the cyber security behaviors they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments. IT leaders are optimistic about the return to office, though, with 70 percent believing staff will be more likely to follow company security policies around data protection and privacy. However, only 57 percent of employees think the same.

Security pitfalls in a hybrid workforce

After addressing employee security behaviors while working remotely, IT leaders face a new set of challenges with security threats posed by a hybrid workforce, as lockdowns ease and the lines between personal and professional lives blur:

Dodgy devices: Over half of IT leaders (54 percent) are concerned that staff will bring infected devices and malware into the workplace. And their apprehension is well founded: 40 percent of employees say they plan to work from personal devices in the office.

Ransomware rising: The majority of IT leaders (69 percent) believe that ransomware attacks will be a greater concern in a hybrid workplace, with legal firms and healthcare organizations particularly concerned about this threat.

The age of phishing: Over two-thirds of IT decision makers (67 percent) predict an increase in targeted phishing emails in which cybercriminals take advantage of the transition back to the office, adding to the rapidly growing number of phishing attacks faced by organizations.

Failure (or fear) to report cyber security mistakes: Over one quarter of employees admit they made cyber security mistakes — some of which compromised company security — while working from home that they say no one will ever know about. More than one quarter (27 percent) say they failed to report cyber security mistakes because they feared facing disciplinary action or further required security training. In addition, just half of employees say they always report to IT when they receive or click on a phishing email.

Return to business travel: As lockdown restrictions are lifted, six in 10 IT leaders think the return to business travel will pose greater cyber security challenges and risks for their company. These risks could include a rise in phishing attacks whereby threat actors impersonate airlines, booking operators, hotels or even senior executives supposedly on business trips. There is also the risk that employees accidentally leave devices on public transport or expose company data in public places.

As cybersecurity will be mission critical in the new work environment, it’s encouraging that 67 percent of surveyed IT decision makers report that they have a seat at the table when it comes to office reopening plans in their organizations. The organizations and IT leaders that address risky human behaviors and corresponding security threats will thrive in a hybrid work model.

About the research

Tessian commissioned OnePoll to survey over 4,000 professionals in the US and UK across various company sizes and industries, as well as 200 IT professionals, to identify back-to-work trends.
