A report on employee cybersecurity practices found that most workers take cybersecurity shortcuts despite knowing the risks involved.
ThycoticCentrify, a provider of cloud identity security solutions, commissioned a report that surveyed 8,041 knowledge workers in 15 countries across different parts of the world during the remote working period.
The report also found that small and medium-sized enterprises (SMEs) have sacrificed cybersecurity for productivity.
The authors identified a disconnect between employees’ understanding of various cybersecurity risks and their behaviors when performing their daily tasks.
Workers take cybersecurity shortcuts because they don’t think they matter
More than three-quarters (79%) of employees took cybersecurity shortcuts during the remote work period despite being aware of the security risks involved.
The report found that a third (33%) of employees saved their passwords on browsers in the past year, a similar number (32%) connected to public Wi-Fi, and almost a quarter (23%) recycled passwords across several sites.
Likewise, almost a quarter (23%) used personal devices on the company network, 18% used a password for personal purposes in a professional context, 13% visited unauthorized websites, and a similar number shared credentials with co-workers.
These employees engaged in risky behaviors despite being aware that individual actions such as clicking on links from unknown sources or sharing credentials put their organizations at cybersecurity risk.
According to the report, these employees behaved this way because they felt they were not “important enough” to be concerned about cybersecurity or be targeted.
While most workers recognized the cybersecurity risk their organizations faced, only 16% saw it as “very high risk.” About a third (32%) of employees perceived cybersecurity as “high risk” and almost half (45%) saw it as “little or no security risk”.
The report found that cybersecurity training was having some effect. More than half (55%) of workers who received cybersecurity training considered cybersecurity to be high risk, compared to 43% of those who did not receive training.
Unfortunately, most organizations have fallen behind in training employees on cybersecurity, with only 44% of employees surveyed receiving training. As a result, most of the employees surveyed had to deal with cyberthreats on their own while working from home.
In addition, there were huge gaps in training between countries. For example, almost two-thirds (64%) of Indian employees had received cybersecurity training, while in France that number was just under one-third (30%).
Most employees think cybersecurity is the responsibility of IT departments
While most employees (86%) accept personal responsibility for not exposing their organizations, more than half (51%) said their IT departments have a responsibility to protect them.
Employees also took cybersecurity shortcuts because they believed IT teams were protecting them or would take care of any incident. The researchers attributed this misconception to poor communication between IT departments and employees.
“People in cybersecurity know how their colleagues should behave when it comes to protecting their devices and protecting the entire business. But are these messages getting through?” asked Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify. “We urge employers to redouble their efforts to encourage the best possible digital security practices among staff and remind them of the risks of not securing networks.”
He added that organizations need to establish security processes and make sure they resonate with their employees to avoid a ransomware attack or major breach with consequences that could last for years.
Carson, however, recognized that hybrid or remote work scenarios pose unique challenges for organizations. He advised organizations to cultivate good security practices among their staff to prevent them from taking cybersecurity shortcuts despite the conditions.
SMEs have sacrificed cybersecurity for productivity during the remote working age
As organizations have rushed to implement remote work strategies, small and medium businesses have taken cybersecurity shortcuts to avoid hurting productivity. SMBs were also the least likely to implement multi-factor authentication (MFA), virtual private networks (VPNs), or offer cybersecurity training.
The problem is compounded by existing cybersolutions, which are not viable for all organizations, as SMBs struggled with limited budgets and resources, especially during the remote working period.
“To cope with the pandemic and move to remote work, most SMEs may have been forced to sacrifice cybersecurity to focus on worker productivity,” the report said.
Workers in different countries perceive cybersecurity risks differently
Perceptions of cybersecurity risks vary by country. For example, more than a third (36%) of Swedish workers are less likely to view cybersecurity as a high risk.
On the contrary, two-thirds (66%) of Japanese workers are more likely to perceive cybersecurity as a very high risk, according to the report. Japanese workers are also less likely to take cybersecurity shortcuts such as repeating passwords or clicking on suspicious links, unlike Indian workers.
Singaporean workers are also the most likely (95%) to take personal responsibility for protecting their organizations, while Japanese workers are less likely (35%) to shift all responsibility for protecting organizations to their IT departments.
While employees are more likely to take cybersecurity shortcuts in remote work environments, the report revealed a gap between employees and cybersecurity teams.