Bad Security Habits During the Pandemic
56% of IT workers believe employees have acquired poor security habits while working remotely, according to Tessian’s Back to Work Security Behaviors report.
“According to the report, younger employees are most likely to admit they cut cybersecurity corners, with over half (51%) of 16-24 year olds and almost half (46%) of 25-34 year olds reporting they’ve used security workarounds,” Tessian says.
“In addition, two in five (39%) say the cybersecurity behaviors they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments. IT leaders are optimistic about the return to office, though, with 70% believing staff will more likely follow company security policies around data protection and privacy. However, only 57% of employees think the same.”
Tessian found that most respondents believe the uptick in phishing observed during the pandemic will continue during the return to the workplace.
“Over two-thirds of IT decision makers (67%) predict an increase in targeted phishing emails in which cybercriminals take advantage of the transition back to the office, adding to the rapidly growing number of phishing attacks faced by organizations (the FBI found that phishing attacks doubled in frequency last year),” Tessian says.
In addition, Tessian found that 27% of employees admitted that they didn’t report cybersecurity mistakes they made while working remotely.
“Over one quarter of employees admit they made cybersecurity mistakes — some of which compromised company security — while working from home that they say no one will ever know about,” the company says. “More than one quarter (27%) say they failed to report cybersecurity mistakes because they feared facing disciplinary action or further required security training. In addition, just half of employees say they always report to IT when they receive or click on a phishing email.”
You can’t punish people into security awareness, and training shouldn’t be punitive. New-school security awareness training can teach your employees to follow security best practices so they can thwart social engineering attacks.