IT professionals have had their hands full with setting up a hybrid work architecture that allows employees to work wherever and whenever they want, and that is unfortunately introducing a lot more cyber risk into the organization.
In fact, a new report from email security company Tessian finds that remote work has had a negative impact on cybersecurity, and more than one third of end users have picked up bad habits and have found security workarounds since working remotely.
Meanwhile, 56% of IT leaders surveyed by the company said they felt their employees picked up bad cybersecurity behaviors since the pandemic.
Tessian’s report also suggests that younger employees aren’t taking cybersecurity as seriously as their older counterparts. According to the data, 51% of users between the ages of 16 and 24 have found security workarounds while working remotely. In each age bracket, that percentage drops as users get older.
For ages between 25 and 34, 46% of employees found security workarounds. For ages between 35 and 44, that number is 35%. For people between the ages of 45 and 54, that figure drops to 23%. For those 55 and older, just 19% said the same.
When employee are in the office, they tend to practice better cyber hygiene than when at home, the report says. Almost a third of employees say they can get away with riskier behavior while working remotely, and 39% said they practice different cybersecurity behaviors between the two locations.
Nearly a half of respondents said they do so because they feel they are not being watched by the IT department at home.
The report suggests that bringing employees back to the office will improve the organization’s cybersecurity posture, and 70% of IT leaders surveyed feel that way, compared to just 57% of end users.
An alarming number of employees – over one quarter – say they have made cybersecurity mistakes while working from home, but nobody will ever find out. Another 27% said they failed to report those mistakes because of possible disciplinary action, and just half say they always report to IT when they get a phishing email.
If your organization is embracing a hybrid work strategy, now is a good time to evaluate your security posture and train end users on how to avoid these mistakes in the first place.