Bad habits creeping into cyber security
Over a third (36%) of employees say they have picked up bad cyber security behaviours and found security ‘workarounds’ since working remotely, according to a new report from Tessian, the human layer security company.
The report, which analysed ‘Back to Work’ security behaviours, also revealed that nearly a third of employees (30%) believe they can get away with riskier security behaviours when working remotely, with two in five (39%) admitting the cyber security behaviours they practice while working from home are different to the behaviours practiced in the office.
Shockingly, nearly half (49%) say the reason for this is because they feel they aren’t being watched by IT. Furthermore, the data revealed that over a quarter of employees have made a mistake that has compromised company security that they have never told anyone about, due to fear of disciplinary action or having to take part in more security training.
Therefore, 70% of IT leaders think that the return to office will encourage staff to follow company security policies around data protection and privacy.
However, the report revealed other security concerns IT leaders could face when staff return to office. For example, over half of IT leaders (54%) are worried that staff will bring infected devices and malware into the workplace when businesses transition back to the office, while 69% of IT leaders believe that ransomware attacks will be a greater concern in a hybrid workplace.
What’s more, 67% predict an increase in targeted phishing emails in which cybercriminals take advantage of the transition back to working in the office. Tessian’s platform data revealed a spike in “hybrid work” related scams when lockdowns eased in the UK last month. In the week commencing 10th May 2021, Tessian found that the number of suspicious emails related to 'hybrid work' was 39% higher than the overall weekly average of 'back to office' themed emails flagged by Tessian since the start of 2021.
Lastly, six in ten IT leaders said the return to business travel will pose greater cybersecurity challenges and risks for their company. These risks could include a rise in phishing attacks whereby threat actors impersonate airlines, booking operators, hotels or even senior executives supposedly on a business trip. There is also the risk that employees accidentally leave devices on public transport or expose company data in public places.
Tim Sadler, CEO, Tessian commented: “The shift to an all-remote workforce was one huge challenge for IT leaders, but the next transition to a hybrid work model is poised to be even more challenging - particularly when it comes to employees’ behaviours”
“Employees are the gatekeepers to data and systems, but expecting them to be security experts and scaring them into compliance won’t work. IT leaders need to prioritise building a security culture that empowers people to work securely and productively, and understand how to encourage long-lasting behavioural change overtime if they’re going to thrive in this new way of working.”