Stay-at-home workers are threatening corporate IT security with 93 percent of them admitting they reuse passwords and 29 percent allowing other family members to use their company-issued devices for homework and online entertainment, according to a report from CyberArk.
In a late April 2020 survey of 3,000 remote office workers and IT professionals in the U.S., U.K., France and Germany, 37 percent of the respondents said they save passwords in browsers on their corporate devices. Among the findings:
- 77 percent of remote employees are using unmanaged, insecure BYOD devices to access corporate systems
- Two-thirds of employees have adopted communication and collaboration tools like Zoom and Microsoft Teams, which have recently reported security vulnerabilities compromised could open the door to an organization’s most critical systems and resources.
“The security posture of organizations continues to be tested as many remote employees face daunting challenges balancing productivity and security across their professional and personal workspaces,” stated Marianne Budnik, CyberArk CMO. “As more organizations extend work-from-home policies for the long term, it’s important to capture lessons learned from the initial phases of remote work and shape future cybersecurity strategies that don’t require employees to make tradeoffs that could put their company at risk,” she added.
CyberArk noted that while 94 percent of IT teams are confident in their ability to secure the new remote workforce, 40 percent have not increased their security protocols despite the significant change in the way employees connect to corporate systems and the addition of new productivity applications.
The rush to onboard new applications and services that enable remote work -- combined with insecure connections and dangerous security practices of employees -- has significantly widened the attack surface, pointed out CyberArk, advocating that security strategies need to be updated to match this new dynamic threat landscape. Especially at risk are privileged credentials of remote workers, which, if compromised, could open the door to an organization’s most critical systems and resources.