According to new research from Mimecast, remote workers are increasingly putting their organizations at risk by failing to follow security awareness training best practices.

Mimecast polled 1000 global respondents working from corporate workstations to compile the latest report, Company-issued computers: What are employees really doing with them?

In the report there was tons of risky behavior. For example, 73% of respondents frequently use their company-issued device for personal matters such as checking webmail (47%), carrying out financial transactions (38%) and online shopping (35%).

It also revealed that, although most (96%) of the respondents said they were aware of the repercussions of clicking through on malicious phishing links, nearly half (45%) open emails they consider to be suspicious.

This is despite the fact that 64% claimed to have received special security training to equip them better for the new normal of working from home. Nearly half (45%) also admitted to not reporting such emails to their IT security teams.

“Employees need to be engaged, and training needs to be short, visual, relevant and include humor to make the message resonate. Awareness training can’t be just another check-the-box activity if you want a security conscious organization.”

As organizations continue to work in a remote environment, it’s important to implement frequent phishing tests to ensure your users are always aware of the latest attacks.