A new survey from CyberArk has found that work-from-home habits, including password re-use and letting family members use corporate devices, are putting critical business systems and sensitive data at risk.
The survey conducted in April 2020 found that the risks to corporate security become even higher when it comes to working parents. As this group had to transform into full-time teachers, caregivers and playmates quickly and simultaneously, it’s no surprise that good cyber security practices are not always top of mind when it comes to working from home.
The survey, which aimed to gauge the current state of security in today’s expanded remote work environment, found that 77% of remote employees are using unmanaged, insecure ‘bring your own devices’ (BYOD) to access corporate systems while 66% of employees have adopted communication and collaboration tools like Zoom and Microsoft Teams, which have recently reported security vulnerabilities.
The survey revealed that 93% have reused passwords across applications and devices and 29% admitted that they allow other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping while 37% insecurely save passwords in browsers on their corporate devices.
CyberArk chief marketing officer Marianne Budnik said, “The security posture of organisations continues to be tested as many remote employees face daunting challenges balancing productivity and security across their professional and personal workspaces.
She said, “As more organisations extend work-from-home policies for the long term, it is important to capture lessons learned from the initial phases of remote work and shape future cyber security strategies that don’t require employees to make trade-offs that could put their company at risk.”
While 94% of IT teams are confident in their ability to secure the new remote workforce, 40% have not increased their security protocols despite the significant change in the way employees connect to corporate systems and the addition of new productivity applications.
CyberArk senior vice president (Asia Pacific and Japan) Vincent Goh said, “Responsibility for security needs to be split between employees and employers.
“It means constantly updating and never re-using passwords, verifying operating systems and application software to be up-to-date, and making sure work and communication only take place on approved devices, applications and collaboration tools.”
“Simultaneously, local businesses must constantly review their security policies to ensure employees only have access to the critical data and systems they need to do their work, and no more,” said Mr Goh.
The rush to onboard new applications and services that enable remote work combined with insecure connections and dangerous security practices of employees has significantly widened the attack surface and security strategies need to be updated to match this new dynamic threat landscape. This is especially true when it comes to securing privileged credentials of remote workers, which if compromised could open the door to an organisations most critical systems and resources.
The survey included responses from 3,000 remote office workers and IT professionals in the US, UK, France and Germany. A