Over a third, (36 percent) of employees say they have picked up bad cybersecurity behaviours and found security ‘workarounds’ since working remotely, according to a new report from Tessian, the human layer security company.
The report, which analysed ‘Back to Work’ security behaviours, also revealed that nearly a third of employees (30 percent) believe they can get away with riskier security behaviours when working remotely, with two in five (39 percent) admitting the cybersecurity behaviours they practice while working from home are different to the behaviours practiced in the office.
Shockingly, nearly half (49 percent) say the reason for this is because they feel they aren’t being watched by IT. Furthermore, the data revealed that over a quarter of employees have made a mistake that has compromised company security that they have never told anyone about, due to fear of disciplinary action or having to take part in more security training.
Therefore, 70 percent of IT leaders think that the return to office will encourage staff to follow company security policies around data protection and privacy.
The report revealed other security concerns IT leaders could face when staff return to the office. For example, over half of IT leaders (54 percent) are worried that staff will bring infected devices and malware into the workplace when businesses transition back to the office, while 69 percent of IT leaders believe that ransomware attacks will be a greater concern in a hybrid workplace.
What’s more, 67 percent predict an increase in targeted phishing emails in which cyber criminals take advantage of the transition back to working in the office. Tessian’s platform data revealed a spike in ‘hybrid work’ related scams when lockdowns eased in the UK in May 2021. In the week commencing 10th May 2021, Tessian found that the number of suspicious emails related to ‘hybrid work’ was 39% higher than the overall weekly average of ‘back to office’ themed emails flagged by Tessian since the start of 2021.
Lastly, six in 10 IT leaders said the return to business travel will pose greater cybersecurity challenges and risks for their company. These risks could include a rise in phishing attacks whereby threat actors impersonate airlines, booking operators, hotels, or even senior executives supposedly on a business trip. There is also the risk that employees accidentally leave devices on public transport or expose company data in public places.