Over one-third of workers have picked up bad cybersecurity behaviours since working from home

Over a third (36 per cent) of employees say they have picked up bad cybersecurity behaviours and found security ‘workarounds’ since working remotely, according to a new report from Tessian, the human layer security company.

The report, which analysed ‘Back to Work’ security behaviours, also revealed that nearly a third of employees (30 per cent) believe they can get away with riskier security behaviours when working remotely, with two in five (39 per cent) admitting the cybersecurity behaviours they practice while working from home are different to the behaviours practiced in the office.

Shockingly, nearly half (49 per cent) say the reason for this is because they feel they aren’t being watched by IT. Furthermore, the data revealed that over a quarter of employees have made a mistake that has compromised company security that they have never told anyone about, due to fear of disciplinary action or having to take part in more security training.

Therefore, 70 per cent of IT leaders think that the return to office will encourage staff to follow company security policies around data protection and privacy.

However, the report revealed other security concerns IT leaders could face when staff return to office. For example, over half of IT leaders (54 per cent) are worried that staff will bring infected devices and malware into the workplace when businesses transition back to the office, while 69 per cent of IT leaders believe that ransomware attacks will be a greater concern in a hybrid workplace.

What’s more, 67 per cent predict an increase in targeted phishing emails in which cybercriminals take advantage of the transition back to working in the office. Tessian’s platform data revealed a spike in “hybrid work” related scams when lockdowns eased in the UK last month. In the week commencing 10th May 2021, Tessian found that the number of suspicious emails related to “hybrid work” was 39% higher than the overall weekly average of “back to office” themed emails flagged by Tessian since the start of 2021.

Lastly, six in 10 IT leaders said the return to business travel will pose greater cybersecurity challenges and risks for their company. These risks could include a rise in phishing attacks whereby threat actors impersonate airlines, booking operators, hotels or even senior executives supposedly on a business trip. There is also the risk that employees accidentally leave devices on public transport or expose company data in public places.

Tim Sadler, CEO, Tessian comments:

“The shift to an all-remote workforce was one huge challenge for IT leaders, but the next transition to a hybrid work model is poised to be even more challenging – particularly when it comes to employees’ behaviours”

“Employees are the gatekeepers to data and systems, but expecting them to be security experts and scaring them into compliance won’t work. IT leaders need to prioritise building a security culture that empowers people to work securely and productively, and understand how to encourage long-lasting behavioral change over time if they’re going to thrive in this new way of working.”