
New study uncovers poor password hygiene and cybersecurity awareness on work-issued devices

With many UK businesses announcing new working patterns for employees post-lockdown, it’s becoming clear that many workforces will adopt a hybrid model where time is split between home and the office. This has significant implications for at-home cybersecurity.

A new study from cybersecurity firm Yubico and Censuswide analyses current attitudes and adaptability to at-home corporate cybersecurity, employee training, and support in the current global hybrid working era. The study included more than 3,000 employees, business owners, and C-suite executives at large organisations who have worked from home and use work-issued devices in the UK, France and Germany.

Findings offer insight into the use of work-issued devices for personal matters, sharing and remembering business passwords, the adoption of two-factor authentication (2FA), and other security measures, coupled with how enterprises are responding.

Since the start of the pandemic, employees have been engaging in poor cybersecurity practices on work-issued devices, with business owners and C-level executives proving to be the worst culprits. At the same time, enterprises are falling short on the cybersecurity best practices that need to be implemented for out-of-office environments. Despite two-factor authentication (2FA) technology being the best line of defence against account takeovers, fewer than a quarter of respondents report implementing 2FA since the start of the pandemic, and even then many are using less secure and less user-friendly forms such as mobile authentication apps and SMS one-time passcodes. Among organisations that have implemented 2FA, only 27% are rolling out FIDO-compliant hardware security keys, which offer the most advanced form of phishing protection.

The lines between home and work life are also increasingly blurred, with 42% of respondents using work-issued devices for personal reasons daily while working from home. Of these, 29% are banking and shopping, while 7% admit to watching illegal streaming services. Senior workers are among the biggest offenders here, as 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day since working from home, with almost a quarter (23%) of business owners and 15% of C-level respondents using them for illegal streaming.

In the UK, business owners are generally stricter about personal use of their work devices than their counterparts in Germany and France. That said, 73% of UK business owners and 71% of C-level execs allow third parties to use their work devices. Of concern, more than two thirds have not completed cybersecurity training for remote work, and after clicking a suspicious link at work, 16% figure it out by themselves while 12% ask Google for help. Perhaps unsurprisingly, 62% of UK respondents would rather have their work credentials stolen than their personal data.

“Many organisations are still finding their feet in these new, mostly virtual, work environments, and while this flexibility can deliver new opportunities for businesses and employees, they shouldn’t ignore the growing cybersecurity risks that come with it,” said Stina Ehrensvärd, CEO and Founder, Yubico. “Threat actors are finding new and innovative ways to breach corporate defences which require modern security solutions like the YubiKey. In fact, a user deployment study by Google highlights the remarkable benefits and ROI for YubiKey hardware-based authentication and the standards work we have spearheaded.”

Lastly, the report also found that password reuse continues to be a problem as more of the workforce operates remotely. 54% of all employees use the same passwords across multiple work accounts, with one in five still keeping track of passwords by writing them down. This includes 41% of business owners and 32% of C-level executives.

This was posted in Bdaily's Members' News section by D Baker.
