Promoting appropriate employee conduct while using work devices is the key to maximizing a company’s cyber defense. However, cybersecurity trends indicate that workers may be hindering goals more than they’re helping.
Volumes of cyber attacks linked to remote work have kept Nathan Little busy in 2020.
As Tetra Defense's senior vice president of digital forensics and incident response, Little helps companies manage the consequences of cyber attacks.
“Getting a remote workforce connected quickly took precedence over getting connected securely,” Little said. “The majority of cases that we've seen in the past few months resulted from remote access vulnerabilities.”
Businesses face steep consequences when they don’t prioritize security. A single data breach has the power to shut down a company permanently.
Remote work during COVID-19 increased the average cost of a data breach by $137,000, an expense several businesses can’t afford during the economic uncertainty of the pandemic.
Visual Objects surveyed 500 full-time U.S. employees to gain insight into how workers’ cybersecurity behavior impacts company success with cyber defense.
- 63% of employees are not concerned about storing personal information on work devices, despite associated cyber risks.
- Baby Boomers (27%) are the least concerned about where they store personal data, making them more susceptible to attack.
- Most employees (63%) have used the same passwords for multiple accounts on work devices, increasing vulnerabilities.
- Only 2% of baby boomers always reuse work-related passwords, compared to 13% of millenials who always use duplicate passwords.
- Employees feel that companies (91%) are more responsible for cybersecurity efforts than workers (76%).
Storing Personal Information on Work Devices
Most employees aren’t concerned about keeping personal data on work devices, despite increased vulnerabilities during remote work.
Currently, 63% of workers are comfortable with storing personal data on work devices.
Most companies sent office devices home with employees during COVID-19, allowing workers to intermix work and personal data. Employees risk introducing malware onto work devices when using them for personal activities.
For instance, workers may download suspicious for their own use. If work data and personal data exist on the same device, the suspect software can endanger sensitive company data.
Reuben Yonatan is the founder and CEO of GetVoIP, a voice services company. He believes workers should avoid using work devices for personal activity because the mix encourages casual use.
“For instance, [employees] might share the device with a friend, place it in open spaces, or use it to surf the internet,” Yonathan said. “That might inadvertently lead to a loss of data because the device is not as guarded as it should be.”
Similarly, bring-your-own-device (BYOD) policies rely on employees using their devices for work and have become popular in recent years. Just as workers mix personal information onto work devices, employees commonly use personal devices for work.
The mingling of work and personal data increases vulnerabilities for cyber attacks. Employees can promote cyber defense at companies by keeping work and personal data on separate devices.
Baby Boomers Less Concerned About Where They Store Personal Information
Older employees put companies at great risk by storing personal data on work devices.
Over one-fourth of baby boomers (27%) admit to being very unconcerned about using work devices to store personal information.
Only 17% of millennials felt very unconcerned about storing personal data on work devices.
Unlike their younger counterparts, baby boomers didn’t grow up surrounded by digital technology. Christine Sabino, a senior associate at data breach claims company Hayes Connor, believes that millennials are naturally inclined to keep personal and work information separated.
“[Millennials] have more technological devices, like a personal laptop, tablet, mobile phone, and games console,” Sabino said. “They are less likely to require the use of their work laptop for these [personal] activities.”
Heinrich Long, a privacy expert at Restore Privacy, suspects that baby boomers may not understand the importance of keeping work and personal data separate.
“Baby boomers are the demographic most vulnerable to scams, from catfishing to Nigerian princes, so it checks out that they fall prey due to poor awareness,” Long said.
Mixing work and personal data may be a habit baby boomers struggle to break. Without an excess of personal devices at home, baby boomers will be more likely to store personal data on work devices than their millennial counterparts.
Duplicate Passwords For Accounts On Work Devices
Reusing passwords in the workplace is extremely common.
Almost two-thirds (63%) of workers admit to using the same password for several work accounts.
Using duplicate passwords is a bad habit for many employees. It’s easier for workers to remember recycled strings of characters, but reusing passwords puts company data at unnecessary risk.
Veronica Miller, a cybersecurity expert at VPN overview, recognizes workers need to break bad password habits to protect company data from hackers.
“Saving passwords on a work device is harmful to the company, as it can lead to a potential data breach,” Miller said. “During remote work, companies [should] make it compulsory to have strong and different passwords on a work device.”
“During remote work, companies [should] make it compulsory to have strong and different passwords on a work device.”
Visual Objects spoke with several cybersecurity experts, who recommended the following password precautions for companies:
- Central password managers such as LastPass or 1Password
- Automatic reset of passwords every few months
- Two-Factor authentication
Employees are at the center of the duplicate password issue.
Companies can foster a workplace culture that values diverse passwords by implementing security precautions and training. Otherwise, workers are likely to opt for convenient, memorable passwords that jeopardize security.
Older Employees Exercise Stronger Password Protection Behavior
Older employees follow more reliable password protection practices than younger workers.
Only 2% of baby boomers always use the same passwords for work accounts, compared to 13% of millennials who always recycle work passwords.
Brad Bussie, vice president of Entisys360’s Advyz Cyber Risk Services, attributes millennials’ poor password practices to their life-long comfort with technology.
“Millennials tend to trust that large services have their best interests in mind and that security is built-in,” Bussie said. “They are the first generation that had easy access to global information.”
“Millennials tend to trust that large services have their best interests in mind and that security is built-in.”
On the other hand, Sabino believes baby boomers lack the technical comfort necessary to feel confident in built-in security measures. Suspicions about password safety encourage older employees to take a more proactive role in protecting their accounts.
Tech skepticism helps baby boomers take more effective password security measures than millennials.
Companies Bare Most Responsibility For Cyber Risk
Employees believe their companies are primarily responsible for cybersecurity at work.
An overwhelming majority of workers (91%) feel that companies are responsible for maintaining effective cybersecurity practices.
Employees must carry out cybersecurity protocols in their day-to-day work, placing them at the forefront of all workplace cybersecurity measures. However, businesses must recognize the extent to which they’re responsible for securing company data.
Olga Gutenko, a business development manager for security at Vaimo, thinks that companies must develop a strong cybersecurity culture to make meaningful differences in employee behavior.
“Even in this remote work period, employers need to develop a security-focused culture that has buy-in from all employees, [where] employees share the responsibility for security,” Gutenko said.
Additionally, Gutenko recommends companies take the following steps to begin building a cybersecurity-driven culture:
- Invest in employee training and security education
- Test your staff on protocols following training
- Build solid foundations for governance
- Equip your team with practical security-focused tools and software
Workers agree that companies are responsible for laying the groundwork for cybersecurity in the workplace.
Employees Are Committed To Cybersecurity Protocols
While workers feel that companies should take primary responsibility for cyber risk, employees still feel a personal commitment to protect company data.
More than three-quarters of U.S. workers (76%) feel at least somewhat accountable for ensuring cybersecurity measures are followed at their company.
Many experts believe cybersecurity responsibilities should be top-down within organizations. However, employees aren’t off the hook if they fall victim to a cyber attack.
Harman Singh, director of professional services at security provider Cyphere, expressed the importance of employee involvement in cybersecurity after companies create protocols.
“Employees have a responsibility to ensure guidelines and processes are followed,” Singh said. “Employees must take small actions that have a bigger impact on improving culture, such as appropriately reacting to suspicious emails, calls, or information online.”
Companies are in charge of developing cybersecurity policies and protocols, but employees must carry out these practices every day.
Workers share a significant amount of cybersecurity responsibility with their employers.
Employee Behavior Directly Affects Workplace Cybersecurity
Workers can only achieve cyber defense goals if their behavior aligns with company protocols.
The latest trends indicate workers commonly make two cyber defense mistakes: reusing passwords and mixing work and personal data on office devices.
Baby boomers are the typical culprits of storing personal information on work computers, but millennials tend to take fewer precautions when selecting passwords.
Employees place most of the responsibility for cybersecurity on companies. However, workers also understand the critical role they play in carrying out cybersecurity practices in everyday work activities.
About The Survey
Visual Objects surveyed 500 full-time employees in the United States from September 17- 23, 2020.
51% of respondents are male; 40% of respondents are female; 9% of respondents did not provide their gender.
23% of respondents are ages 18-34; 38% are 35-54; 29% of respondents are 55 or older; 11% of respondents did not give their age.
34% of respondents are from the Midwest; 33% are from the South; 23% are from the West; 11% are from the Northeast.