Remote Work Is Here To Stay, But So Are The Cyber Risks

February 25, 2021

According to CyberArk, poor cybersecurity practices could lead organizations to reconsider allowing remote work long-term.

A number of studies have shown that remote work benefits both employers and employees. A recent survey conducted by CyberArk found that most employees feel more productive working from home and hope to continue doing so even after the pandemic.

However, the survey also found that many respondents exhibit poor cybersecurity behaviors when working from home. Sixty-seven percent of survey respondents said they violate corporate security policies in order to be more productive, such as by sending work documents to their personal email, sharing passwords, or installing third-party applications.

In addition, 69 percent of employees surveyed said they use corporate devices for personal use and 57 percent allow other members of the household to use their corporate devices for schoolwork, gaming, shopping, and other activities. There was a 185 percent increase in the percentage of employees letting family members use their work devices since June 2020.

Eighty-two percent of respondents said they reuse passwords, which is a 12 percent increase since spring 2020.

It seems that more education is not changing these behaviors. Fifty-four percent of respondents said they received cybersecurity training specific to remote work.

A survey conducted by Promon earlier in 2020 also found that 61 percent of employee respondents were using personal devices for work. "Poor Security Hygiene Raises Doubts on the Future of Remote Work" cxotoday.com (Dec. 22, 2020).

Commentary

Clearly written and widely distributed policies are essential for remote workers. It is better to establish requirements and prohibitions related to cybersecurity than to simply teach employees what they should or should not do.

Your written policies should state that employees are prohibited from using work devices for non-work-related purposes; from allowing others to use their work devices; and from sharing work device or account passwords with others.

State that employees must contact their manager or the Information Technology Department if they are having a productivity or technology issue, rather than addressing it by violating cybersecurity policies. Train managers to work with employees and to avoid asking them to perform tasks that could compromise cybersecurity.

Make your written policies more effective by providing easy-to-follow instructions for achieving each requirement. For example, explain how to create a strong password and how to use a password manager to store unique passwords for every account.

If possible, implement a way to monitor for adherence to your policies. For example, track logins and meet with employees if their work device is used after hours or a different IP address logs into their work account.

Finally, your opinion is important to us. Please complete the opinion survey:

Related Articles

Related Training

Related Seminars

Related Checklists

Related Links

Related Podcasts