Bad Cyber Security Behavior At Home Risks Being Taken Back To Work

Uploaded on 2021-06-28 in TECHNOLOGY--Resilience, FREE TO VIEW

Millions of workers, employees and managers who have worked remotely because of Coronavirus are beginning to return to the office,  possibly bringing the very bad cyber security habits of home working back into the office with them, putting companies at greater risk of serious cyber security incidents. 
 
A new survey by the email security experts Tessian explains that after more than a year of remote working, offices are reopening and nearly every business is adopting a hybrid working structure. This is allowing employees to work from home and or from the office, and that this significant change in working conditions creates a fundamental shift in cyber security priorities.  
 
Tessian surveyed over 4,000 employees in the US and UK across various company sizes and industries, along with 200 IT professionals, to better understand back-to-work trends. Their report, which analysed ‘Back to Work: Security Behaviours’,  reveals that nearly a third of employees (30%) believe they can get away with riskier security behaviours when working remotely, with two in five (39%) admitting the cyber security behaviours they practice while working from home are different to the behaviours practiced in the office. 

As numerous organisations  plan for the “great return”, their decision makers need to ask some tough questions:

  • Will employees need a refresh on safe cyber security behaviors in the workplace? 
  • How will the threat landscape change? 
  • What role will the CISO play in the new hybrid workforce?

Tessian found some equally tough answers in their survey results: 

  • More than half (56%) of IT leaders believe employees have picked up bad cyber security behaviors since working remotely.
  • The majority (69%) of IT professionals predict a spike in ransomware attacks and targeted phishing scams in the transition back to the office.
  • Over a quarter of employees are scared to admit they’ve made mistakes that compromise security at work.
  • Six in every ten IT leaders said the return to business travel will pose greater cybersecurity challenges and risks for their company.

“The shift to an all-remote workforce was a huge challenge for IT leaders, but the next transition to a hybrid work model is set to be even more challenging - particularly when it comes to employees’ behaviors,” said Tim Sadler, co-founder and CEO of Tessian. The risks Tessian have identified could result a rise in phishing attacks whereby threat actors impersonate airlines, booking operators, hotels, or even senior executives supposedly on a business trip. There is also the risk that employees accidentally leave devices on public transport or expose company data in public places.

“Employees are the gatekeepers to data and systems but expecting them to be security experts and scaring them into compliance won’t work. IT leaders need to prioritise building a security culture that empowers people to work securely and productively, and understand how to encourage long-lasting behavioral change overtime, if they’re going to thrive in this new way of working.” Sadler said.  

TESSIAN    Forbes:      RealWire:      Security Informed:       Infosecurity Magazine:     Image: Unsplash
 
You Might Also Read:
 
Remote Working & Cyber Security:
 
 
« Ukraine Cyber Police Crack Hacker Group
China Is Gaining Technical Supremacy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

InAuth

InAuth

InAuth Security Platform delivers advanced device identification, risk detection, and analysis capabilities to help organizations limit risk and reduce fraud.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Bio-Morphis

Bio-Morphis

Bio-Morphis Reflex solution is a paradigm shift in the approach to information systems security.

Haechi Audit

Haechi Audit

Haechi Audit is a leading smart contract security audit firm. We provide the most secure smart contract security audit and smart contract development services to our global clients.

International Cybersecurity Forum (FIC)

International Cybersecurity Forum (FIC)

The International Cybersecurity Forum (FIC) has established itself as the benchmark event in Europe in terms of digital security and trust.

Ridge Global

Ridge Global

Ridge Global works with C-suite executives and corporate directors to build more resilient organizations through innovative preparedness, protection, response and education capabilities.

Hunter Strategy

Hunter Strategy

Hunter Strategy focuses on delivering solutions that are concise, scalable, and target our customer’s complex technical challenges.

Ultra Intelligence & Communications (Ultra I&C)

Ultra Intelligence & Communications (Ultra I&C)

Ultra Intelligence & Communications provides critical, tactical capabilities that inform decision making in the most challenging environments.

Lucidum

Lucidum

The Lucidum platform helps you assess risk and mitigate vulnerabilities by finding and correlating data from your security tech stack.

NetCentrics

NetCentrics

NetCentrics leverages an innovative, agile, ‘what’s-next’ approach to our customers’ IT and cyber challenges.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.

Kivera

Kivera

Kivera enforces your organisation governance and security policies across cloud deployments preventing misconfigurations turning into attack vectors.

Yarix

Yarix

Yarix is the leading company in Var Group’s Digital Security division and one of the most recognised, innovative and authoritative Italian companies in the IT security sector.

Silobreaker

Silobreaker

Silobreaker is a SaaS platform that enables threat intelligence teams to produce high-quality and relevant intelligence at a faster pace.

Driven Technologies

Driven Technologies

Driven is a cloud native service provider transforming the way companies leverage technology to improve business by securing, modernizing, and connecting applications, users, and data.