
Companies Face Challenges in User Security: Strategies for Improvement

"In the event of a security breach within a company, it's not necessarily fair to place blame on the user, according to Bitdefender's Alex 'Jay' Balan."

Businesses grapple with users' lax security practices. What strategy should they adopt?

In the digital age, the boundary between personal and professional life has become increasingly blurred, especially with the shift to remote work. A recent survey by cybersecurity company pace-IT GmbH has shed light on this issue, revealing some concerning trends in the cybersecurity habits of employees.

The survey, released on Tuesday, included data from users aged between 18 and 65 years. One of the most striking findings was that at least 37% of participants use their work laptop, desktop, or smartphone to access personal online accounts. This blurring of lines could potentially expose corporate data to risks.

Anything that touches even a little bit of corporate data has to be managed by the organization's security team. However, the survey also found that password managers, a crucial tool for secure password storage, are more likely to be used on work devices, not personal ones. This could leave personal accounts vulnerable.

In 2021, there are still authentication forms for which Multi-Factor Authentication (MFA) is not mandatory. MFA is a corporate security practice that users will have to use if they intend to access work data from their personal devices. pace-IT GmbH has recommended mandating MFA for all access points to company data, as it adds an extra layer of security.

The July 2020 Twitter hack was a stark reminder of the risks of lax security. The incident was a result of a lapse of employee judgement and a successful social engineering campaign leading to malicious lateral movement. It underscores the importance of security awareness and best practices.

Despite the spike in the number of online accounts, users still recycle their passwords or don't update them. One-third of respondents use the autofill option on their devices for password management, which can lead to the use of compromised passwords. Twenty-eight percent write their passwords down in a physical format for management, another risky practice.

Thirty percent do not use antivirus software for their mobile device, whether phone or tablet. This lack of protection could leave these devices vulnerable to cyberthreats. Six in ten users experienced at least one cyberthreat in the last year, including scam calls and phishing, according to a Bitdefender survey of over 10,100 global participants.

Companies cannot dictate user security behaviours online, but they can influence them with basic training. The rapid shift to remote work has led to changes in security organisations, which are enforcing better monitoring and security tools.

Despite these concerns, the personal security habits of employees have not changed much since before the pandemic. This is a blind spot in infrastructure that companies should actively search for and address.

Despite the challenges, there is a silver lining. More than half of users (52%) manage their passwords through memorization, suggesting that there is room for improvement in password management practices, but also indicating that users are willing to adopt new practices if guided correctly.

In conclusion, the survey highlights the need for continued education and awareness around cybersecurity practices, particularly in the context of remote work. By implementing measures such as MFA, providing security training, and encouraging the use of password managers, companies can help to protect their data and their employees' personal information.
