One-fifth of remote workers in the UK recycle their work email or password to log into consumer websites and apps, such as online shopping and even dating, increasing the risk of their corporate credentials being stolen. This is according to Ivanti’s Secure Consumer Cyber Report, which surveyed 1000 UK home workers about their cybersecurity behaviors.
The research revealed that poor cybersecurity practices are prevalent among home workers, putting organizations at greater risk of cyber-attacks. Over a third (39.93%) of those surveyed said they were allowed to use personal devices, such as laptops, smartphones, tablets or smartwatches, to access company applications and networks. Despite this, nearly half (47.87%) admitted they have not set up two-factor authentication for smart devices in their homes.
The report also indicated that organizations have not sufficiently adapted their security procedures to a remote working model, nearly a year since the start of the COVID-19 pandemic. Around one-third of UK consumers claimed their organization does not require them to use a secure access tool, such as a VPN, while roughly a quarter of US and UK remote workers surveyed said that their employer does not require them to update their password every six months or use a one-time password generator.
Nigel Seddon, VP EMEA West at Ivanti, commented: “The poor security hygiene and shortfalls in enterprise security emphasized by the report are creating a perfect storm for cyber-criminals looking to take advantage of consumers working from home. By reusing passwords and failing to implement corporate workspace segregation policies and multi-factor authentication, businesses are increasing their risk of falling victim to credential stuffing attacks.
“Given that there has been a recent increase in the number of data breaches targeting consumer-based companies and online communities, it is very likely that enterprise email and passwords are already exposed on the dark web. Companies across all industries must implement a zero-trust model to ensure that entities accessing corporate information, applications or networks are valid and not using stolen credentials.”