The pandemic forced many employers to allow their employees to work from home, but now that governments have lifted restrictions, many employers have taken the decision to allow their employees to continue to work remotely. 9 out of 10 organizations surveyed by McKinsey said they believed a hybrid work model was the way forward for post-pandemic workforces.
While there have been reports that workers are happier working remotely and productivity increases have been reported, many employees have been putting their employer at risk as a result of security workarounds and adopting bad cyber hygiene practices.
Recently, security firm Tessian conducted a study on 4,000 employees in the United States and United Kingdom from a broad range of industries to identify back to work trends. Respondents reported having adopted security workarounds while working remotely, with a majority of individuals in the 16-24 age group (51%) having cut corners on security, with 46% of workers in the 25-34 age range and 19% of over 55s reporting the same.
When asked about the reasons why these shortcuts were taken, 49% said it was because they did not think they were being monitored by the IT department, with 30% saying they felt they were able to get away with risky IT practices. These shortcuts can have implications. 27% of employees said that they had made a mistake that had compromised the security of the company but that this was not reported. This was worst for the younger age groups. 42% of younger employees said that after making a security error, they did not alert their IT department out of fear of disciplinary action or being made to undergo further security awareness training.
The most common security mistakes that were made were downloading apps that had not been sanctioned by the IT department and using personal devices for work purposes when this was not permitted. Many also said they had clicked links in unsolicited emails.
Tessian also surveyed IT professionals as part of the survey. 56% of IT professionals believed employees may have taken risks and picked up bad cybersecurity habits while working from home, but 70% believe once employees return to the office, all of the bad security practices will be rapidly corrected.
One of the main areas of concern is that during the pandemic many devices may have been infected with malware, which could potentially be transferred to the network when employees return. 54% of IT professionals are worried about malware and ransomware infections from infected devices that are brought into the office.
Companies that have taken the decision to adopt a hybrid working model are likely to continue to face an elevated risk of malware and ransomware attacks unless businesses find a way to ensure employees do not take security shortcuts when they are working remotely.
While penalties could be introduced for employees who do not follow the rules, this may not be the best approach. “IT leaders need to prioritize building a security culture that empowers people to work securely and productively, and understand how to encourage long-lasting behavioral change over time if they’re going to thrive in this new way of working,” said Tessian CEO, Tim Sadler.