Employee work from home habits are putting businesses at a higher risk of cyber-attacks, according to a study by CyberArk. It revealed that a large proportion of remote workers in the UK regularly engage in practices including using unmanaged, insecure BYOD devices to access corporate systems (60%).
Working from home has risen at an exponential rate in the UK and elsewhere as a result of the COVID-19 pandemic. This is posing additional security risks for businesses, due to firms rushing to put in place applications and services that enable remote work as well as more insecure connections.
These risks are being increased further by bad cybersecurity behaviors by remote workers, according to CyberArk’s new analysis.
In a survey of 300 remote office workers and 300 IT professionals in the UK, the security firm also found that 57% of remote workers use communication tools such as Zoom and Microsoft teams, which have had well-publicised security problems in recent months.
Risky cyber-practices were shown to be particularly prevalent amongst working parents included in the study, who face additional distractions such as childcare and home-schooling. Of this cohort, 57% insecurely save passwords in browsers on their corporate devices while 89% said they reuse passwords across applications and devices. Additionally, 21% allow other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping.
Despite the additional security risks posed by the huge rise in remote working, 57% of IT professionals surveyed said they haven’t increased their security protocols in this period.
Rich Turner, SVP EMEA, CyberArk, said: “Responsibility for security needs to be split between employees and employers. As more UK organizations extend remote work for the longer-term, employees must be vigilant. This means constantly updating and never re-using passwords, verifying that the operating systems and application software they use are up-to-date, and ensuring all work and communication is conducted only on approved devices, applications and collaboration tools.
“Simultaneously, businesses must constantly review their security policies to ensure employees only have access to the critical data and systems they need to do their work, and no more. Decreasing exposure is critical in the context of an expanded attack surface.”