As more offices continue to re-open, employees are eager to go back, hit that morning commute, and settle back into their cozy workstation, steaming coffee in hand.
Or, maybe not. A new WP Engine cross-generational study, Generation Resilience: How the Pandemic Changed Digital for Everyone, found that since the pandemic, 48% of Gen Zers, 65% of millennials and 54% of Gen Xers would prefer to continue working remotely… indefinitely. In fact, 59% of millennials and 49% of Gen Zers say their work-life balance had actually improved while working from home.
Dealing with potential security threats is an ongoing challenge that needs to be constantly monitored. So first, let’s identify the weakest link. That would be you. (Fine, us.) Employee actions are the most significant threat to an organization and the need for employee cybersecurity training is massive.
Considering the sheer number of employees working remotely, including the IT department, the potential for a security breach had grown exponentially. Between February and April of last year alone, there was a 238% increase in global cyberattack volume.
Over 80% of us have worked from home in some capacity since the beginning of the pandemic. A recent global study conducted by HP, Blurred Lines & Blindspots, examined organizational security and cyber risk in this new era of remote work. They found that 70% of employees use their work devices for personal tasks and 69% are using personal laptops and other unapproved devices for work.
Additionally, almost one-third (30%) of remote workers say they have let someone else use their work device, from kids playing Minecraft to the neighbor who needs to print out garage sale flyers.
“In today’s environment, it’s possible an employee is checking email or fulfilling online orders on the same device their child is working on homework,” Alicia Dietsch, Senior VP of Business Marketing at AT&T, told Velocitize. “This massive and sudden shift to a remote workforce introduced risks that most experts probably never expected.”
All of this is good news for hackers.
Seventy-one percent of respondents to the HP survey say they access more company data, more frequently, from home than they did pre-Covid. That includes everything from customer and operational data (43% each) to sensitive financial and HR records (23% each). In other words, the remote workforce is increasingly targeted by hackers and cybercriminals, and companies are being compromised.
That’s not too surprising, considering that half of employees say they view their work devices as personal devices. And given that the majority of respondents (61%) would rather work from home than in an office, it’s safe to assume that working remotely will remain a solid option.
The most common tools typically employed by cybercriminals to trick employees into giving up sensitive company data are phishing; ransomware or malware used to disable and encrypt data; and business email compromise (BEC), or emails impersonating supervisors, colleagues or vendors.
Unfortunately, statistics show that home office networks are 3.5 times more likely than corporate networks to be infected by these cybercrime tools. With no company firewall to help protect against threats and hackers, home offices remain vulnerable. And not just home offices but public hotspots (yes, even Starbucks) as well.
Luckily, there are steps that companies can take to minimize risk, such as providing a secure VPN network; enabling multi-factor authentication (MFA); updating the latest security software and patches; educating employees on security risks; and monitoring mobile apps.
All that said, there’s one layer of protection that should be simple enough but that almost every employee has gotten wrong at some point: a strong password.
I Give You My (Pass)Word
One major security issue you can tackle right now is user passwords. When employees work remotely, they’re working on unsecured home networks/routers (where most people never bother to change the default passcode) and WiFi connections. Most likely, they’re not using sufficiently protective passwords or changing passwords on a regular basis. But despite the fact that 91% of employees know they shouldn’t use the same password over and over again, 66% say they do it anyway. (And those are just the ones who are actually admitting it.)
We all know that passwords should be lengthy and complex, containing letters, numbers, and symbols in a random order. The problem is many of us still use (and never change) our initials plus DOB or our initials plus DOB plus exclamation point. Although that exclamation point may seem clever, it’s really not.
Instead, try using the title of your favorite book and then throw in some capitalization, numbers and punctuation. Then write it down on a post-it, memorize it and destroy all evidence. The point is, make sure your password isn’t easy to guess. Your company could also invest in a password manager, if they haven’t already, which stores secure login information for everything from websites to apps.
According to guidance from the National Institute of Standards and Technology (NIST), you should avoid using common words; substitute symbols for letters; create a unique password for every account; use a password manager; and use multi-factor authentication (MFA) to make sure you’re the only one who can access your accounts. (This could be a one-time code after logging in or a fingerprint.)
We all know we shouldn’t do it but we do it anyway: use our work devices as our personal devices. How many times have you shopped on Amazon on your work laptop and saved your credit card information, practically inviting hackers to ruin your life, not to mention your Prime membership? Keep your personal information on your private device so as not to compromise the corporate network.
Meanwhile here’s how we’re spending our time on work devices. In a survey from cybersecurity vendor Malwarebytes Labs, 53% of respondents reported sending or receiving personal email; 52% consume news; 38% shopped online; 25% accessed their social media; and 22% downloaded or installed non-company software. And that doesn’t even cover the 25% who are streaming music and the 24% who are streaming videos and movies.
Bridging the Gap
In a Microsoft 2021 Work Trend Index, an estimated 40% of the global workforce is considering leaving their current employer this year; implementing a strong hybrid environment to respond to their needs is critical. Nine out of 10 businesses surveyed by McKinsey believe that the hybrid workforce will be the new norm post-pandemic. Clearly cybersecurity measures both in the office and at home need to be more strategic than ever.
Although 73% of employees still want flexible remote work options, 67% also say they’re interested in more in-person collaboration. In other words, we want it all. That said, 68% of executives think employees should be in the office at least three days a week in order to maintain a strong company culture.
However, just like working remotely, there are inherent risks associated with the hybrid back-and-forth working environment. Some employees will be working from home while others are in the office. Devices will be moved between corporate and (less secure) home networks.
The hybrid workplace is here to stay. People want to work from home and they also want to come into an office (how many Zoom calls can one person take in their lifetime?). There are many challenges to consider in this brave new hybrid world but, above all, keeping your business safe.
Check out past Velocitize articles to learn more about cybersecurity issues:
- Best Marketing Practices: Security and Data Breaches
- How to Avoid a Security Breach That Hurts Your Business (and Your Clients)
- Make Sure Remote Work Doesn’t Mean an Invitation to Hackers
- Enemy on the Couch: Cybercrime & Security Tips