Manage Pressing Risks with EPL-Risk.com

A one-stop hub for practical, timely and actionable insights, tools and training that may save thousands of dollars by minimizing potential loss exposures, human resources expenses, training costs, and attorney fees.

Stay on top of current workplace issues, legislation, and employment trends with:
  • Articles, News Briefs, and Checklists
  • Interactive Training Modules
  • Model Handbook with 100+ Template HR Policies, Procedures, and forms

Today's Workplace

Chrome Malware Extension Campaign Discovered: What Steps Do You Need To Take?

Malware is lurking on many browser extensions. Read how to find it and prevent it.

Continue Reading

Check File Extensions To Help Prevent Malware Infections

Microsoft users should change their defaults, and all users should check extensions before downloading a file. We examine.

Continue Reading

Working Remotely Increases Cybersecurity Risks On All Fronts

Extensive cybersecurity training for all employees, with additional training for remote workers, can help reduce cyber risks. We examine how remote work environments increase risk.

Continue Reading
print   email   Share

Working Remotely Increases Cybersecurity Risks On All Fronts

According to cybersecurity firm OneLogin's 2020 COVID-19 State of Remote Work Survey Report, 45 percent of American workers have shared their work device passwords with their children or spouse, far more than elsewhere in the world. Thirty-six percent of U.S. respondents said they used a personal laptop or device to access work applications.

In addition, 20 percent have used a public Wi-Fi network for work, and 33 percent have downloaded a personal application on their work device without approval from management or IT. U.S. employees are also more likely than others to use work-issued devices to visit adult entertainment websites—17 percent admitted to doing so.

Only 16 percent of American respondents said that they had never committed any of the above cybersecurity faux pas. By contrast, over half of British, Irish, and German respondents had never used their work device in a high-risk way.

Half of U.S. respondents also visit streaming services on their work device; 62 percent visit YouTube; and 40 percent visit gaming or gambling websites.

Finally, only 33 percent of U.S. respondents said they had never been affected by a breach, by far the lowest percent globally. Even worse, of the 62 percent of respondents who said they experienced a breach, 24 percent had not changed their password.

Among all respondents, 30 percent said hackers have accessed their work device. Only 10 percent changed their password afterwards. In addition, 25 percent have never changed the password to their home Wi-Fi network. However, in this regard Americans fared better—only seven percent had never changed their Wi-Fi password and 40 percent had changed it within the past month.

Another plus: 60 percent of U.S. workers said their organization had implemented multi-factor authentication (MFA), the most of any country surveyed. 

OneLogin surveyed 5,000 employees around the world who began working remotely during the pandemic. Jonathan Greig "30% of remote employees admit to having an online account compromised on a work device" techrepublic.com (Jun. 03, 2020).

Commentary

In the U.S., the percentage of employees working remotely jumped from less than four percent before the lockdown to 62 percent during the lockdown.

Employers should train employees on cybersecurity best practices upon hire and again annually. Your training should cover a broad range of cyber risks including phishing and malware prevention. 

If employees who used to work in the office begin working remotely, provide training specific to remote-work cyber risks before they make the transition including Wi-Fi and mobile device security. 

Password security training is also important. Train employees to never share their password to a work device or account with anyone else, even their child or spouse. Train them to enable multi-factor authentication whenever possible.

If they suspect that a hacker has accessed their device, they must immediately inform your information technology department and change all work-related passwords and the password to the device.

Whenever possible, provide employees who need to access your network remotely with a work-issued device that is installed with the strong anti-virus and anti-malware software. Prohibit employees from downloading personal apps to the work device. Remind them that they are never to visit an adult website or other potentially dangerous site on their work-issued device.

Finally, your opinion is important to us. Please complete the opinion survey: