Home workplaces introduce new risks, poor password hygiene
Entrust Datacard released the findings of its survey, which highlights the critical need to address data security challenges for employees working from home as a result of the pandemic based on responses from 1,000 US full-time professionals.
As social distancing mandates took effect in March 2020, employers found themselves in a massive remote work experiment, testing their cybersecurity readiness. Home workplaces introduce new risks as many employees find themselves distracted and are using personal devices to connect to corporate resources.
Bad actors have taken advantage – there was a 350 percent increase in phishing attacks in March, according to Google data.
Home workplaces and password hygiene
When it comes to home workplaces, password hygiene is of the utmost importance. Despite this, the survey found that an astounding 42 percent of employees surveyed still physically write passwords down, 34 percent digitally capture them on their smartphones and 27 percent digitally capture them on their computers.
Additionally, nearly 20 percent of the employees are using the same password across multiple work systems, multiplying the risk of sensitive data if a password is compromised or stolen.
“While many employees are set up to work securely by their employers, they continue to seek simplicity, even if that means insecure password practices and higher risk. As organizations continue to support employees working from home, it’s clear that they need to ramp up cybersecurity training and technology,” said James LaPalme, Vice President & General Manager of Authentication Solutions at Entrust Datacard.
“Encryption combined with advanced authentication, including passwordless solutions that leverage smartphone biometrics, can deliver the frictionless experience employees seek and the confidence organizations require. These solutions will one day make World Password Day obsolete and I don’t think employees or employers will miss it.”
In addition to password practices, the survey revealed several insights into employee sentiment toward remote work and cybersecurity.
Nearly half of workers are receiving COVID-related phishing emails
Employees surveyed are well aware both of phishing scams in general (82 percent) and of phishing scams specifically related to COVID-19 (81 percent) – in fact, 45 percent say they have received a COVID-19-related email from an unknown sender.
Despite this high awareness, roughly one-quarter (24 percent) of employees say they’ve clicked on a link from an unknown sender before determining their legitimacy, while just 36 percent deleted the email and only 12 percent reported the email.
Workers not set up properly for good cyber-hygiene while remote
The majority of employees surveyed (63 percent) are connecting to their company’s VPN during this time, yet they are using unique passwords to access different company resources (64 percent), rather than a more secure solution like single sign on with multifactor authentication.
Anxiety and inadequate technology as key remote work challenges
Most employees (59 percent) surveyed find it more difficult to get their work done while working remotely during the pandemic. Of those who said it’s more difficult, 26 percent are finding it much more difficult.
External distractions, COVID-19 related anxiety and inadequate amenities (i.e. slow internet) are the top three-cited reasons for this heightened difficulty. Additionally, remote workers in education, government, healthcare and manufacturing cite the challenge of work duties that do not always translate to remote work.
Remote workers are sharing devices with family members
While working from home under stay-at-home orders, 36 percent of employees surveyed are using one or more personal devices to access company files — these create opportunities for employees to make use of shadow IT, creating risks (i.e., phishing, malware, DDoS).
Moreover, 29 percent of those using one or more personal devices to work share that device with other members of their household, creating further risk.
Consumers are skeptical their personal data is safe
Survey respondents feel less confident about their security when handling personal business. Sixty-eight percent of respondents are doing more personal business online during the pandemic, including shopping, banking and social media, and more than half (58 percent) are skeptical of the level of security provided by these online vendors and service providers.
Employees — particularly Gen Z — don’t expect a return to the office as usual
Social distancing mandates have forced employers to embrace remote work, and employees to rethink their expectations. Forty-four percent of all respondents expect to work from home either more frequently (33 percent) or permanently (11 percent).
These percentages are markedly higher among Gen Z (ages 18-23) employees, fully half of whom (50 percent) do not anticipate a return to work as usual.