Bad Cyber Security Behavior At Home Risks Being Taken Back To Work

Uploaded on 2021-06-28 in TECHNOLOGY--Resilience, FREE TO VIEW

Millions of workers, employees and managers who have worked remotely because of Coronavirus are beginning to return to the office,  possibly bringing the very bad cyber security habits of home working back into the office with them, putting companies at greater risk of serious cyber security incidents. 
 
A new survey by the email security experts Tessian explains that after more than a year of remote working, offices are reopening and nearly every business is adopting a hybrid working structure. This is allowing employees to work from home and or from the office, and that this significant change in working conditions creates a fundamental shift in cyber security priorities.  
 
Tessian surveyed over 4,000 employees in the US and UK across various company sizes and industries, along with 200 IT professionals, to better understand back-to-work trends. Their report, which analysed ‘Back to Work: Security Behaviours’,  reveals that nearly a third of employees (30%) believe they can get away with riskier security behaviours when working remotely, with two in five (39%) admitting the cyber security behaviours they practice while working from home are different to the behaviours practiced in the office. 

As numerous organisations  plan for the “great return”, their decision makers need to ask some tough questions:

  • Will employees need a refresh on safe cyber security behaviors in the workplace? 
  • How will the threat landscape change? 
  • What role will the CISO play in the new hybrid workforce?

Tessian found some equally tough answers in their survey results: 

  • More than half (56%) of IT leaders believe employees have picked up bad cyber security behaviors since working remotely.
  • The majority (69%) of IT professionals predict a spike in ransomware attacks and targeted phishing scams in the transition back to the office.
  • Over a quarter of employees are scared to admit they’ve made mistakes that compromise security at work.
  • Six in every ten IT leaders said the return to business travel will pose greater cybersecurity challenges and risks for their company.

“The shift to an all-remote workforce was a huge challenge for IT leaders, but the next transition to a hybrid work model is set to be even more challenging - particularly when it comes to employees’ behaviors,” said Tim Sadler, co-founder and CEO of Tessian. The risks Tessian have identified could result a rise in phishing attacks whereby threat actors impersonate airlines, booking operators, hotels, or even senior executives supposedly on a business trip. There is also the risk that employees accidentally leave devices on public transport or expose company data in public places.

“Employees are the gatekeepers to data and systems but expecting them to be security experts and scaring them into compliance won’t work. IT leaders need to prioritise building a security culture that empowers people to work securely and productively, and understand how to encourage long-lasting behavioral change overtime, if they’re going to thrive in this new way of working.” Sadler said.  

TESSIAN    Forbes:      RealWire:      Security Informed:       Infosecurity Magazine:     Image: Unsplash
 
You Might Also Read:
 
Remote Working & Cyber Security:
 
 
« Ukraine Cyber Police Crack Hacker Group
China Is Gaining Technical Supremacy »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

360Logica

360Logica

360Logica is a software testing company offering numerous kinds of testing services to improve the quality and performance of your software and IT systems.

PakCERT

PakCERT

PakCERT is the national Computer Emergency Response Team for Pakistan.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

WiSecure Technologies

WiSecure Technologies

WiSecure Technologies aims to develop cryptographic products meeting requirements in the new economic era.

ShardSecure

ShardSecure

ShardSecure Microshard technology eliminates data sensitivity, providing security, privacy and compliance beyond encryption.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

FortifyIQ

FortifyIQ

FortifyIQ's mission is to advance maximum security against side-channel attacks across the entire computing spectrum.

Trackd

Trackd

At trackd, we’re re-imaging vulnerability remediation for the benefit of the entire cyber security community. Automating Vulnerability Remediation without the Fear of Disruption.

AArete

AArete

AArete is a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and advisory services.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.

Crypto Legal

Crypto Legal

Crypto Legal is a leading UK-based law firm specialising in blockchain forensics and legal services.

Kerberus Cyber Security

Kerberus Cyber Security

Kerberus Cyber Security (formerly MintDefense) is a leading innovator in Web3 user security, dedicated to safeguarding digital assets and transactions through its flagship product, Sentinel3.

REAL Security

REAL Security

REAL Security is a market leader across the Adriatic region in value-added distribution in the field of IT Security & virtualisation.

Ransomware Help

Ransomware Help

Ransomware Help is a trusted ransomware recovery company offering fast and effective ransomware recovery services to get your business back on track.