Bad Cyber Security Behavior At Home Risks Being Taken Back To Work

Uploaded on 2021-06-28 in TECHNOLOGY--Resilience, FREE TO VIEW

Millions of workers, employees and managers who have worked remotely because of Coronavirus are beginning to return to the office,  possibly bringing the very bad cyber security habits of home working back into the office with them, putting companies at greater risk of serious cyber security incidents. 
 
A new survey by the email security experts Tessian explains that after more than a year of remote working, offices are reopening and nearly every business is adopting a hybrid working structure. This is allowing employees to work from home and or from the office, and that this significant change in working conditions creates a fundamental shift in cyber security priorities.  
 
Tessian surveyed over 4,000 employees in the US and UK across various company sizes and industries, along with 200 IT professionals, to better understand back-to-work trends. Their report, which analysed ‘Back to Work: Security Behaviours’,  reveals that nearly a third of employees (30%) believe they can get away with riskier security behaviours when working remotely, with two in five (39%) admitting the cyber security behaviours they practice while working from home are different to the behaviours practiced in the office. 

As numerous organisations  plan for the “great return”, their decision makers need to ask some tough questions:

  • Will employees need a refresh on safe cyber security behaviors in the workplace? 
  • How will the threat landscape change? 
  • What role will the CISO play in the new hybrid workforce?

Tessian found some equally tough answers in their survey results: 

  • More than half (56%) of IT leaders believe employees have picked up bad cyber security behaviors since working remotely.
  • The majority (69%) of IT professionals predict a spike in ransomware attacks and targeted phishing scams in the transition back to the office.
  • Over a quarter of employees are scared to admit they’ve made mistakes that compromise security at work.
  • Six in every ten IT leaders said the return to business travel will pose greater cybersecurity challenges and risks for their company.

“The shift to an all-remote workforce was a huge challenge for IT leaders, but the next transition to a hybrid work model is set to be even more challenging - particularly when it comes to employees’ behaviors,” said Tim Sadler, co-founder and CEO of Tessian. The risks Tessian have identified could result a rise in phishing attacks whereby threat actors impersonate airlines, booking operators, hotels, or even senior executives supposedly on a business trip. There is also the risk that employees accidentally leave devices on public transport or expose company data in public places.

“Employees are the gatekeepers to data and systems but expecting them to be security experts and scaring them into compliance won’t work. IT leaders need to prioritise building a security culture that empowers people to work securely and productively, and understand how to encourage long-lasting behavioral change overtime, if they’re going to thrive in this new way of working.” Sadler said.  

TESSIAN    Forbes:      RealWire:      Security Informed:       Infosecurity Magazine:     Image: Unsplash
 
You Might Also Read:
 
Remote Working & Cyber Security:
 
 
« Ukraine Cyber Police Crack Hacker Group
China Is Gaining Technical Supremacy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Rubicon Workflow Solutions

Rubicon Workflow Solutions

Rubicon is a leading provider of managed IT support and strategic services, specialising in creative and mixed platform environments.

QuintessenceLabs

QuintessenceLabs

QuintessenceLabs offers a suite of Data Security technology, products and solutions to secure digital information in-transit, at-rest or in-use.

DefCamp

DefCamp

DefCamp is the most important annual conference on Hacking & Information Security in Central Eastern Europe.

CICRA Consultancies

CICRA Consultancies

Cicra Consultancies is a company that specializes in cyber security. Our major activities are guided by three main principles: Prevent, Investigate, Prosecute.

Stratus Technologies

Stratus Technologies

Edge Computing solves the inherent challenges of bandwidth, latency, and security at edge locations to enable IIoT devices and data acquisition.

Liminal

Liminal

Liminal is a boutique strategy advisory firm serving digital identity, fintech, and cybersecurity clients, and the private equity / venture capital community.

KYND

KYND

KYND has created pioneering cyber risk technology that makes assessing, understanding, and managing business cyber risks easier and quicker than ever before.

Omega Systems

Omega Systems

Omega Systems is a leading managed service provider (MSP) and managed security service provider (MSSP) to mid-market organizations.

Vercara

Vercara

Vercara offers a purpose-built, global cloud security platform that provides layers of protection to safeguard businesses’ online presence, no matter where an attack comes from or where it is aimed.

Red Helix

Red Helix

Red Helix (formerly Phoenix Datacom) is a market leader in network performance and cyber security.

Francisco Partners

Francisco Partners

Francisco Partners provide capital, expertise, and support for growth-aspiring technology companies.

Aim Security

Aim Security

Aim empowers enterprises to unlock the full potential of GenAI technology without compromising security. GenAI makes business better - Aim makes GenAI secure.

Deepware

Deepware

Deepware is an emerging AI research company dedicated to exploring the potential of GenAI in both generation and detection.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

Vortacity Cyber

Vortacity Cyber

Vortacity is a boutique cybersecurity provider specializing in associations, nonprofits, and mission-based organizations.

StrongDM

StrongDM

StrongDM is the leader in Zero Trust Privileged Access Management (PAM).