A third of employees picked up bad cyber security behaviors while working from home, according to Tessian’s Back to Work Security Behaviors report.
Despite the remote workers’ bad security practices, 9 out of 10 organizations prefer the hybrid workplace as COVID-19 restrictions eased. Similarly, 89% of employees want to work remotely during the week.
The firm advises business owners to consider the bad employee behaviors as organizations transition to hybrid workplace models.
As employees go back to the office, businesses need to address how employees’ security behaviors have changed while they were working remotely.
Most employers are wary that the post-pandemic hybrid workforce would bring bad cybersecurity behaviors.
More than half (56%) of employers believed that employees had picked up bad security practices while working remotely.
Similarly, nearly two-fifths (39%) of employees admitted that their behaviors differed significantly while working from home compared to the office.
Additionally, nearly a third (36%) admitted discovering ‘workarounds’ since they started working remotely.
Close to half of workers adopted the risky behavior because they felt that they weren’t being watched by IT departments. Nearly a third (30%) said they felt that they could get away with the risky employee behaviors while working away from the office.
However, small businesses placed more confidence in their employees while transitioning to the hybrid workplace.
Over two-thirds of business owners believed that their staff would observe their company’s cybersecurity policies.
Many employees are unlikely to admit cutting corners
Fear of reporting, or failure to report, cybersecurity mistakes was a huge risk for organizations. A quarter of employees refused to report such mistakes, believing that nobody would ever discover them.
Similarly, more than a quarter feared reporting cybersecurity mistakes because of potential disciplinary action or being forced to take additional security training.
However, younger employees are more likely to admit cutting corners, according to the Tessian report.
More than half (51%) of employees aged 16-24 and 46% of those aged 25-34 were more likely to admit circumventing the company’s security protocols.
“Create a security culture that encourages people to come forward about their mistakes, and support them when they do,” the authors suggested.
Personal devices will undermine the network perimeter in the hybrid workplace
Some of the security threats and challenges experienced when people work fully remotely would be imported into the new hybrid workplace.
While many employees used infected devices for remote access during the pandemic, some would bring them to the hybrid office. Company leaders now have to shift to a new security architecture for good – one that involves zero-trust network access, endpoint security, and multi-factor authentication.
Phishing and ransomware attacks are major challenges in the hybrid workplace
Ransomware attacks were also a major concern for more than two-thirds (69%) of companies, which believed that the hybrid work environment would be a target for ransomware attacks. These attacks posed a business continuity threat to targeted companies.
Similarly, phishing attacks concerned over three-quarters of IT decision-makers, who believed that credential phishing would only get worse in a hybrid workplace.
They believed that employees were more likely to expose company data in public or fall for phishing scams impersonating airlines, booking companies, hotels, or senior executives on a business trip. In fact, “back to work” phishing emails were a concern for 67% of IT leaders.
Phishing was the gateway to ransomware attacks. Consequently, successfully blocking phishing exploits reduces the chances of a ransomware attack.
“Stop phishing, business email compromise, account takeover attacks, and social engineering scams, and you significantly reduce the risk of ransomware,” the report authors noted.
However, bad employee behaviors, such as failing to report clicking phishing links, made it harder to stop these attacks.