New research from Yubico, the hardware authentication security keys manufacturer, has identified a number of significant security issues that have emerged as a result of the shift from office-based working to home working during the COVID-19 pandemic.
They asked just over 3,000 employees of large organisations in the UK, France, and Germany a series of questions about their online security habits and the results were revealing.
Poor habits putting security at risk
They found that more than half of respondents (54%) admitted to using the same passwords across multiple work accounts. Recycling passwords in this way makes life far easier for hackers since they just have to crack one password to access several accounts.
Almost a quarter of respondents (22%) said they kept track of passwords by writing them down.
This is an absolute schoolboy error, yet it seems to be the more senior executives that are guilty of the practice. Yubico found that 41% of business owners used this method and 32% of C-level executives.
A lack of training and resources
Some of this bad practice might come down to a lack of training. Despite the fact that we are now a year into the COVID-19 pandemic, the Yubico research found that 37% of employees across all sectors are yet to receive cybersecurity training to work from home.
Meanwhile 43% of employees think that cybersecurity isn't the responsibility of the workforce at all. A whopping 60% (almost two thirds) of those surveyed said that cybersecurity matters should be handled by their corporate IT teams.
This overlooks the reality that when working from home employees have to take a degree of personal responsibility for this too. But of course, they do have every right to expect appropriate training.
The Yubico survey did also find that many corporate IT teams are not delivering for their staff either.
37% of respondents said they felt more supported by IT than they did when working onsite, which suggests that almost two-thirds do not.
As a result, 51% of respondents often try to solve their own IT problems rather than contacting their IT team and 40% said they wouldn't immediately inform their IT team if they clicked on a suspicious link.
Given that Yubico provide two-factor authentication solutions, their big area of interest was in the uptake of 2FA during lockdown. But it isn't good news.
Only just over a fifth (22%) of respondents said that their employer had introduced 2FA at all and of those, just over a quarter have opted for hardware security keys of the type that Yubico manufacture.
The rest all depend on technology like mobile authentication apps and SMS one-time passcodes.
What's the story in the UK?
Obviously, this data is taken from respondents across three countries, so does the picture look any more positive if we look at the UK data in isolation?
Not really. A whopping 62% of British respondents have not completed cybersecurity training for remote work – almost two-thirds.
42% said that they feel more vulnerable to cyber threats when they are working from home and 39% (almost 4 in 10) said they felt unsupported by their corporate IT team.
All of these figures are worse than was seen in France and Germany.
This is reflected in user habits too. More than a fifth (22%) of UK workers would use the same work email log-in again after a security breach, while nearly a third (31%) said they would share work email passwords with others.
When asked what they would do if they clicked on a suspicious link on their work device, 16% said they would ‘figure it out by themselves' while 12% said their reaction would be to ‘ask Google'.
While home working has provided a huge opportunity for many to reassess their work-life balance, it has also increased the cyber-security risks that both individual workers and businesses are facing.
How to stay safe when working from home
As Yubico will no doubt want to stress, the use of 2FA devices like the ones they produce can play a big role in securing remote working devices.
Yubico's key product, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. Meanwhile its YubiHSM is an ultra-portable hardware security module that protects sensitive data stored in servers.
There are other simple ways that remote working employees can stay safe online too. Using a VPN is one of them, as a VPN will encrypt their internet connection and ensure all of their data is secure and private.
To find out more about using 2FA and VPNs to protect yourself when working from home, and the various other tools and methods that are available to you, take a look at our detailed Guide to Remote working from Home.