To maximize a company’s cyber defense, it is important to encourage appropriate behavior from employees when using work devices. Cybersecurity trends suggest that employees may be hindering company goals more than they are helping.
In 2020, Nathan Little was busy with cyber attacks on remote work.
Little is Tetra Defense’s senior vice-president of digital forensics, incident response, and cyber forensics. He helps companies deal with the aftermath of cyber attacks.
Little stated that “Getting remote workers connected quickly was more important than getting connected securely.” Remote access vulnerabilities are the root cause of most cases we have seen over the past few months.
Companies that fail to prioritize security risk severe consequences. One data breach can cause a company to be shut down permanently.
Remote work during COVID-19 raised the average cost for a data breach to $137,000. This is an expense many businesses cannot afford due to the economic uncertainty caused by the pandemic.
Employee negligence has long been a more targeted attack.
Kobe Digital surveyed 500 employees in the United States to get insight into their cybersecurity behaviors and how they impact company success with cyber defense.
Our findings
- Despite the cyber risk, 63% of employees don’t worry about personal data being stored on work devices.
- 27 percent of Baby Boomers are least concerned with where their data is stored, which makes them more vulnerable to attacks.
- 63 percent of employees have used the same passwords to access multiple accounts on their work devices, which increases vulnerability.
- Only 2% of baby boomers reuse work-related passwords. This compares to 13% who use duplicate passwords.
- According to employees, 91 percent of companies are more responsible for cybersecurity than 76%.
Storing personal information on work devices
Despite increasing vulnerabilities in remote work, most employees don’t worry about personal data being stored on work devices.
63% of workers feel comfortable storing personal information on work devices.
During COVID-19 most companies sent their employees home with office devices. This allowed workers to mix work and personal data. When employees use their work devices for personal purposes, they run the risk of introducing malware.
Workers may also download malicious software for their personal use. The suspect software could endanger sensitive company data if it is possible to have personal and work data on the same device.
Reuben Yonatan, the CEO, and founder of GetVoIP is a voice service company. Because the mix encourages casual usage, he believes workers should not use work devices for personal activities.
Jonathan stated that employees might use the device to share with friends, surf the internet, or place it in open areas. The device might not be as secure as it should be, and this could lead to data loss.
Similarly, bring-your-own-device (BYOD) policies rely on employees using their devices for work and have become popular in recent years. Employees often use their devices to work, just as workers do with personal information.
Mixing personal and work data can increase cyber attack vulnerability. By keeping personal and work data separate, employees can encourage cyber defense in companies.
Baby Boomers are less concerned about where they store personal information
Companies are at risk from older employees who store personal data on work devices.
27 percent of baby boomers, or more than one-quarter of them, are very unconcerned with using work devices to store their personal information.
Only 17% felt unconcerned by the storage of personal data on their work devices.
Baby boomers were not raised in a world of digital technology, unlike their younger counterparts. Christine Sabino is a senior associate with data breach insurance company Hayes Connor and believes millennials naturally tend to keep work and personal information separate.
Sabino stated that “[Millennials] own more technological devices like a personal notebook, tablet, phone, mobile phone, and games console.” They are less likely than their work laptop to be used for these [personal] purposes.”
Heinrich Long, a privacy expert from Restore Privacy, suspects that the baby boomers might not be aware of the importance of keeping work and personal information separate.
Long stated that baby boomers are most susceptible to scams from catfishing and Nigerian princes.
Baby boomers may struggle to get rid of the habit of mixing work and personal information. Baby boomers won’t have as many personal devices at home as their millennial counterparts and will likely store more personal data on work devices.
Passwords for accounts on work devices can be duplicated
It is very common to reuse passwords at work.
Nearly two-thirds (63%) admit that they use the same password to access multiple work accounts.
Employees are guilty of using duplicate passwords. While it is easier for employees to remember a series of characters that are repeated, reusing passwords can pose a risk to company data.
Veronica Miller, a cybersecurity expert from VPN overview recognizes that workers must change their password habits to protect company data against hackers.
Miller stated that “saving passwords on work devices is harmful to the company as it could lead to data breaches.” Companies should make it mandatory to use strong passwords for remote work.
Companies should make it mandatory to use strong passwords for remote work.
Kobe Digital spoke to several cybersecurity experts who suggested the following password protections for companies:
- LastPass and 1Password are central password managers.
- Every few months, an automatic password reset
- Two-Factor Authentication
The center for the duplicate password issue is the employees.
By implementing security training and precautions, companies can encourage a culture of diversity in the workplace. If workers don’t have security training and precautions in place, they will likely choose to use easy, memorable passwords that compromise security.
Older employees use stronger password protection behavior
Older employees are more likely to use password protection than younger ones.
Only 2% of baby boomers use the same passwords to access their work accounts every time, while 13% of millennials always reuse work passwords.
Many cybersecurity reports show that older generations are more concerned about cybersecurity. According to some studies, millennials are a major threat to cybersecurity in the workplace.
Brad Bussie is vice president of Entisys360’s Advisen Cyber Risk Services. He attributes millennials’ poor password practices to their long-term comfort with technology.
Bussie stated that millennials trust that large service providers have their best interest in mind and that security has been built-in. They are the first generation to have easy access to global information.
“Millennials trust that large services will protect their best interests and are built-in to security.”
Sabino, on the other hand, believes that baby boomers lack the technical comfort to be confident in security features. Older employees should be more proactive in protecting their accounts, as they are concerned about password safety.
Baby boomers are more secure than millennials when they use tech skepticism to help them with password security.
Cyber risk is a major concern for companies.
According to employees, cybersecurity is a primary responsibility of their employers.
A majority of workers (91%) believe that cybersecurity is the responsibility of companies.
Every employee must implement cybersecurity protocols in their daily work. This puts them at the forefront of all workplace cybersecurity measures. Businesses must be aware of the responsibility they have for protecting company data.
Olga Gutenko is a business development manager at Vaimo and believes that businesses must have a strong cybersecurity culture to see positive changes in employee behavior.
Gutenko stated that even in remote work, employers must create a security-focused culture with buy-in from all employees and [where] employees share responsibility for security.”
Gutenko also recommends that companies follow the following steps to build a cybersecurity-driven culture.
- Invest in security education and training employees
- After training, test your staff for compliance with protocols
- Establish solid foundations for good governance
- Make sure your team is equipped with security-focused software and tools
Employees agree that it is the responsibility of companies to lay the foundation for cybersecurity at work.
Cybersecurity Protocols are a top priority for employees
Workers feel that the company should assume primary responsibility for cyber risks, but employees still feel a personal obligation to protect company data.
Over three-quarters of U.S. workers feel somewhat responsible for ensuring that cybersecurity measures are being followed at work (76%)
Many experts believe security provider Cyphere spoke out to support employees participating in cybersecurity when companies develop protocols.
Singh stated that employees have the responsibility of following guidelines and processes. “Employees should take small steps that will have a greater impact on improving culture such as responding appropriately to suspicious emails, calls, or information online.
While companies are responsible for developing and maintaining cybersecurity protocols and policies, employees must implement these policies every day.
With their employers, workers share significant cybersecurity responsibility.
Employee behavior directly affects cybersecurity at work
Only employees can achieve cyber defense goals if they behave by company policies.
According to the latest trends, workers make two common cyber defense errors: they reuse passwords and mix work and personal data on their office devices.
The most common culprits for storing personal data on work computers are the baby boomers. However, millennials take fewer precautions when choosing passwords.
Companies are most responsible for cybersecurity because employees hold the majority of that responsibility. Workers also know the importance of cybersecurity practices being implemented in their daily work activities.