Remote work has largely been a success during the COVID-19 pandemic, with many employees saying they'd like to work from home permanently and many employers agreeing. However, cybersecurity issues may cause organizations to question whether it is wise to continue the practice long-term.
Without access to an office with technology resources and support employees are struggling and failing to follow cybersecurity protocols.
Survey results from CyberArk show 67 percent of workers bypass corporate cybersecurity policies to be more productive. These measures include sending work documents through personal email addresses, sharing passwords, and installing risky applications. Additionally, 69 percent of workers reported using corporate devices for personal use and 57 percent are allowing other members of their household to use their corporate devices. Unauthorized use of corporate devices includes schoolwork, gaming, and shopping.
These poor cybersecurity behaviors are occurring despite security training aimed at employees working from home. More than half of survey respondents said they did receive remote work specific security training. Surprisingly, password reuse has increased 12 percent since CyberArk's previous survey with 82 percent of employees recycling their passwords.
Experts stress that employees and organizations share the responsibility of cybersecurity. Organizations must always distribute and enforce cybersecurity policies and train employees on proper corporate device usage. On the other hand, employees have a responsibility to be receptive to these policies and avoid actively bypassing important cybersecurity measures. Howard Kass "CyberAsk Study: Why Remote Workers Bypass Corporate Security Policies" msspalert.com (Dec. 28, 2020).
So, the question for our readers is: Are your employees bypassing cybersecurity?
Please take the poll. Here is the opinion of one of the McCalmon editorial staff:
Jack McCalmon, Esq.
I don't believe so, and one reason is that cybersecurity, like other forms of security, requires a consistent and constant messaging and empowering of everyone to express their concerns about cybersecurity risks. Admittedly, it helps that we provide cybersecurity training for thousands of organizations and their employees, so we are "in tune" to the risk. Nevertheless, that does not mean we are not targeted; we routinely alert each other to phishing and other social engineering schemes. This constant communication has helped us avoid issues to date, even sophisticated email social engineering scams. One thing I think is important is that employees need to know who to call within an organization when they have a question or a concern. That is a low-cost, but very important way to prevent catastrophic cyber-related losses.
You can answer our poll. Please note any comments provided may be shared with others.