Over a third, (36 percent) of employees say they have picked up bad cybersecurity behaviours and found security ‘workarounds’ since working remotely, according to a new report from Tessian, the human layer security company.
The report, which analysed ‘Back to Work’ security behaviours, also revealed that nearly a third of employees (30 percent) believe they can get away with riskier security behaviours when working remotely, with two in five (39 percent) admitting the cybersecurity behaviours they practice while working from home are different to the behaviours practiced in the office.
Shockingly, nearly half (49 percent) say the reason for this is because they feel they aren’t being watched by IT. Furthermore, the data revealed that over a quarter of employees have made a mistake that has compromised company security that they have never told anyone about, due to fear of disciplinary action or having to take part in more security training.
Therefore, 70 percent of IT leaders think that the return to office will encourage staff to follow company security policies around data protection and privacy.
Increased risks of malware
69 percent of IT leaders believe that ransomware attacks will be a greater concern in a hybrid workplace
The report revealed other security concerns IT leaders could face when staff return to the office.
For example, over half of IT leaders (54 percent) are worried that staff will bring infected devices and malware into the workplace when businesses transition back to the office, while 69 percent of IT leaders believe that ransomware attacks will be a greater concern in a hybrid workplace.
What’s more, 67 percent predict an increase in targeted phishing emails in which cyber criminals take advantage of the transition back to working in the office.
Hybrid work-related scams
Tessian’s platform data revealed a spike in ‘hybrid work’ related scams when lockdowns eased in the UK in May 2021.
In the week commencing 10th May 2021, Tessian found that the number of suspicious emails related to ‘hybrid work’ was 39% higher than the overall weekly average of ‘back to office’ themed emails flagged by Tessian since the start of 2021.
Cybersecurity risks and challenges
Lastly, six in 10 IT leaders said the return to business travel will pose greater cybersecurity challenges and risks for their company.
These risks could include a rise in phishing attacks whereby threat actors impersonate airlines, booking operators, hotels, or even senior executives supposedly on a business trip. There is also the risk that employees accidentally leave devices on public transport or expose company data in public places.
Building a security culture
The transition to a hybrid work model is challenging, particularly when it comes to employees behaviours"
Tim Sadler, CEO, Tessian comments, “The shift to an all-remote workforce was one huge challenge for IT leaders, but the next transition to a hybrid work model is poised to be even more challenging - particularly when it comes to employees behaviours.”
“Employees are the gatekeepers to data and systems, but expecting them to be security experts and scaring them into compliance won’t work.”
“IT leaders need to prioritise building a security culture that empowers people to work securely and productively, and understand how to encourage long-lasting behavioural change over time if they’re going to thrive in this new way of working.”