Since the transition to remote working, businesses have failed to communicate the importance of sticking to cybersecurity policies and preventing cross-contamination between work and personal activities, new data from Yubico suggests.
The password security company surveyed 3,000 remote staff from around Europe and found that almost half (42%) use work-issued devices for personal tasks. Roughly a third of this group use corporate tech for banking and shopping, while 7% visit illegal streaming websites.
What’s more, senior members of staff are among the worst offenders; 43% of business owners and 39% of C-level executives admit to misusing work devices, with many also dabbling in illegal activities online.
Although using a work computer for a bit of online shopping does not in itself pose a threat to cybersecurity, the overlap between personal and professional activities could amplify risks associated with shadow IT, including the accidental compromise of corporate data.
Remote working security
Another area of vulnerability for many businesses operating under a remote model is password hygiene.
According to Yubico, 54% of employees use a single password across multiple work accounts and services. Meanwhile, 22% of staff still write down their passwords on paper, including 32% of executives.
However, IT departments aren’t holding up their side of the bargain either, the report suggests. Yubico found that more than a third (37%) of remote employees are yet to receive any form of cybersecurity training, which goes some way to explaining the lapses in judgement on the part of employees.
Further, only 22% of respondents said their company has adopted two-factor authentication, which is described as “the best line of defence” to protect against account takeover.
“Virtual working patterns bring new opportunities for businesses and employees, but also introduce additional risk. This includes new avenues for bad actors to breach corporate defences,” said Yubico.
“With millions of workers focused on the pressures of completing tasks in varying and sometimes unusual circumstances, security best practices are often put on the backburner.”
“Organizations that don’t get a handle on these hazards risk lasting financial and reputational damage from attacks that can leave their assets in tatters.”