Third of Staff Use Security Workarounds at Home

Written by

Over a third (36%) of workers claim to have picked up bad security behaviors since working from home, potentially putting their employers at risk, according to a new study from Tessian.

The security vendor polled over 4,000 employees in the US and UK across various company sizes and industries, along with 200 IT professionals, to better understand back-to-work trends.

The resulting Back to Work: Security Behaviors Report revealed that many staff found security workarounds since working remotely, with younger respondents in the 16-24 age bracket (51%) and 25-34-year-olds (46%) most likely to have cut security corners. By contrast, just 19% of over-55s said they did.

Nearly a third (30%) also said they feel like they can get away with riskier behavior at home, with half (49%) claiming it’s because they think they aren’t being watched by IT.

Behaviors such as clicking on links in unsolicited messages, using personal devices and online accounts for work, and downloading unsanctioned apps to work devices can expose the organization to enhanced cyber-risk.

In fact, over a quarter of responding employees admitted making a mistake that has compromised company security. These incidents went unreported for fear of disciplinary action or having to take part in more security training, Tessian said.

The good news is that most (70%) IT professionals surveyed believe the return to the office will encourage employees to reengage with security and data protection policies.

However, there are still concerns: over half (54%) of IT leaders are worried that staff will bring infected devices back into the workplace, while 69% said ransomware would be a greater concern when new hybrid ways of working bed in.

Tessian CEO, Tim Sadler, agreed that the hybrid model would be challenging to secure.

“Employees are the gatekeepers to data and systems, but expecting them to be security experts and scaring them into compliance won’t work,” he argued.

“IT leaders need to prioritize building a security culture that empowers people to work securely and productively, and understand how to encourage long-lasting behavioral change over time if they’re going to thrive in this new way of working.”

What’s hot on Infosecurity Magazine?