A report from Tessian reveals that 56% of IT leaders believe their employees have picked up bad cybersecurity behaviors since working from home. As organizations make plans for the post-pandemic hybrid workforce, the report reveals how security behaviors have shifted during the past year, the challenges as organizations transition to a hybrid work model, and why a fundamental shift in security priorities is required.
Cutting cybersecurity corners at home
According to the report, younger employees are most likely to admit they cut cybersecurity corners, with 51% of 16-24 year olds and 46% of 25-34 year olds reporting they’ve used security workarounds.
In addition, 39% say the cybersecurity behaviors they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments.
IT leaders are optimistic about the return to office, with 70% believing staff will more likely follow company security policies around data protection and privacy. However, only 57% of employees think the same.
Security pitfalls in a hybrid workforce
After addressing employee cybersecurity behaviors while working remotely, IT leaders face a new set of challenges with security threats posed by a hybrid workforce, as lockdowns ease and the lines between personal and professional lives blur:
- Dodgy devices: 54% of IT leaders are concerned that staff will bring infected devices and malware into the workplace. And their apprehension is founded: 40% of employees say they plan to work from personal devices in the office.
- Ransomware rising: 69% of IT leaders believe that ransomware attacks will be a greater concern in a hybrid workplace, with legal firms and healthcare organizations particularly concerned about this threat.
- The age of phishing: 67% of IT decision makers predict an increase in targeted phishing emails in which cybercriminals take advantage of the transition back to the office, adding to the rapidly growing number of phishing attacks faced by organizations (the FBI found that phishing attacks doubled in frequency last year).
- Failure (or fear) to report cybersecurity mistakes: Over one quarter of employees admit they made cybersecurity mistakes — some of which compromised company security — while working from home that they say no one will ever know about. 27% say they failed to report cybersecurity mistakes because they feared facing disciplinary action or further required security training. In addition, just half of employees say they always report to IT when they receive or click on a phishing email.
- Return to business travel: As lockdown restrictions are lifted, six in 10 IT leaders think the return to business travel will pose greater cybersecurity challenges and risks for their company. These risks could include a rise in phishing attacks whereby threat actors impersonate airlines, booking operators, hotels or even senior executives supposedly on a business trip. There is also the risk that employees accidentally leave devices on public transport or expose company data in public places.
As cybersecurity will be mission-critical in the new work environment, it’s encouraging that 67% of surveyed IT decision makers report that they have a seat at the table when it comes to office reopening plans in their organizations. The organizations and IT leaders that address risky human behaviors and corresponding security threats will thrive in a hybrid work model.
“The shift to an all-remote workforce was one huge challenge for IT leaders, but the next transition to a hybrid work model is poised to be even more challenging – particularly when it comes to employees’ behaviors,” said Tim Sadler, CEO of Tessian.
“Employees are the gatekeepers to data and systems, but expecting them to be security experts and scaring them into compliance won’t work. IT leaders need to prioritize building a security culture that empowers people to work securely and productively, and understand how to encourage long-lasting behavioral change overtime if they’re going to thrive in this new way of working.”