Yubico research reveals that cybersecurity best practices, including password protection, and employee training in the UK, France, and Germany are lackluster with the proliferation of employees working from home.
We all know there have been major paradigm shifts in the workplace caused by the pandemic. With the explosion of working from home (WFH), millions of employees now call their basements and bedrooms home offices. Security professionals scrambled to put together employee onboarding and authentication protocols that met new cybersecurity requirements for remote employees. Over a year into the pandemic, they continue facing challenges as some employees stay home and others return to the office.
So how have employees performed in the remote workplace? How secure have their work environments been in the last 15 months? We surveyed 3,006 employees, business owners, and C-suite executives at medium to large organizations (250+ employees) across the UK, France and Germany, who have worked from home and use work-issued devices, to uncover some common trends.
Cybersecurity best practices went from bad to worse during the pandemic
Data shows that poor cybersecurity habits that employees might have had before the pandemic got worse when they started to work from home. The survey also illustrated that many businesses do not have solid cybersecurity best practices in place to deal with the new challenges of hybrid workplaces, and have been slow to implement strong cybersecurity technologies and modern authentication protocols to fill security gaps.
Let’s start with employees by combining data across all surveyed countries:
- Poor password hygiene is a major issue, as 54 percent of employees admitted that they use the same passwords across multiple work accounts. 22 percent of respondents report they still remember passwords by writing them down, including 41 percent of business owners and 32 percent of C-level executives.
- 42 percent of respondents use their work devices for personal use, which is an enterprise-wide problem. About 44 percent of business owners and 39 percent of C-level executives said they were working on personal tasks while they used work devices at home.
- Surprisingly, even though behaviors are riskier at home, 73 percent of employees are confident that they would be able to spot and avoid phishing attacks and only 55 percent are more cautious about cybersecurity while working from home.
What are employers doing to respond?
Nearly 60 percent of employees said that they weren’t responsible for cybersecurity and that IT teams should handle all defenses. But only 37 percent of these remote workers felt more supported by IT than they did in the physical workplace. The same 37 percent claimed they had received no cybersecurity training policy focused on staying secure while working from home.
The survey shows that in all three countries, organizations have been slow to adopt or increase their usage of Multi-factor authentication (MFA) (22%) because of the pandemic. This is a considerable difference from the recent US-focused study by Yubico and 451 Research which stated that as a reaction to COVID-19, MFA is the top cybersecurity technology being adopted (by 49% of respondents) and 75% of enterprise security managers plan to increase MFA spending.
Cybersecurity best practices keep everyone safe
All it takes is one employee failing to follow secure practices while working from home, and the entire organization could be exposed to a cyber attack or breach.
Here are a few suggested cybersecurity best practices for improving WFH policies:
- Be aware of your employees’ practices and if they may be using work laptops and mobile devices for personal use.
- The research shows that senior-level managers aren’t immune to bad practices either, so it’s important for leadership to start modelling behavior.
- Consider employee training that demonstrates the reality of vulnerabilities to remote and hybrid employees, including password hygiene and phishing attacks.
- Move toward strong authentication, such as the YubiKey, which works with legacy or modern cloud-based, passwordless infrastructures.
For the full report click here to revert to the original Yubico blog post by Ronny Manning, where you can also sign up for the upcoming webinar on this same topic.
To purchase your YubiKey(s) in South Africa, please go to our online webshop.