On World Password Day 2020, a day that reminds organizations to assess their cyber-hygiene and data security, Entrust Datacard released the findings of its State of Remote Work Cyber Security Survey. The results highlight the critical need to address data security challenges for employees working from home as a result of the novel coronavirus pandemic based on responses from 1,000 US full-time professionals.
As social distancing mandates took effect in March 2020, employers found themselves in a massive remote work experiment, testing their cybersecurity readiness. Home workplaces introduce new risks as many employees find themselves distracted and are using personal devices to connect to corporate resources. Bad actors have taken advantage – there was a 350 percent increase in phishing attacks in March, according to Google data.
Password best practices are critical for remote workers to protect against online hackers and members of their own households. Despite this, Entrust Datacard’s survey found that an astounding 42 percent of employees surveyed still physically write passwords down, 34 percent digitally capture them on their smartphones and 27 percent digitally capture them on their computers. Additionally, nearly 20 percent of the employees are using the same password across multiple work systems, multiplying the risk of sensitive data if a password is compromised or stolen.
“While many employees are set up to work securely by their employers, they continue to seek simplicity, even if that means insecure password practices and higher risk. As organizations continue to support employees working from home, it’s clear that they need to ramp up cybersecurity training and technology,” said James LaPalme, Vice President & General Manager of Authentication Solutions at Entrust Datacard. “Encryption combined with advanced authentication, including passwordless solutions that leverage smartphone biometrics, can deliver the frictionless experience employees seek and the confidence organizations require. These solutions will one day make World Password Day obsolete and I don’t think employees or employers will miss it.”
In addition to password practices, Entrust Datacard’s State of Remote Work Cyber Security Survey revealed several insights into employee sentiment toward remote work and cybersecurity.
Nearly half of workers surveyed are receiving COVID-related phishing emails – one quarter of them are putting their company’s data at risk
Employees surveyed are well aware both of phishing scams in general (82 percent) and of phishing scams specifically related to COVID-19 (81 percent) – in fact, 45 percent say they have received a COVID-19-related email from an unknown sender. Despite this high awareness, roughly one-quarter (24 percent) of employees say they’ve clicked on a link from an unknown sender before determining their legitimacy, while just 36 percent deleted the email and only 12 percent reported the email.
Workers are not set up properly for good cyber-hygiene while remote
The majority of employees surveyed (63 percent) are connecting to their company’s VPN during this time, yet they are using unique passwords to access different company resources (64 percent), rather than a more secure solution like single sign on with multifactor authentication.
Nearly 60 percent of the workers cite anxiety and inadequate technology as key remote work challenges
Most employees (59 percent) surveyed find it more difficult to get their work done while working remotely during the pandemic. Of those who said it’s more difficult, 26 percent are finding it much more difficult. External distractions, COVID-19 related anxiety and inadequate amenities (i.e. slow internet) are the top three-cited reasons for this heightened difficulty. Additionally, remote workers in education, government, healthcare and manufacturing cite the challenge of work duties that do not always translate to remote work.
Remote workers are sharing devices with family members, raising new Shadow IT risks
While working from home under stay-at-home orders, 36 percent of employees surveyed are using one or more personal devices to access company files — these create opportunities for employees to make use of shadow IT, creating risks (i.e., phishing, malware, DDoS). Moreover, 29 percent of those using one or more personal devices to work share that device with other members of their household, creating further risk.
Consumers are skeptical their personal data is safe when conducting personal business online
Survey respondents feel less confident about their security when handling personal business. Sixty-eight percent of respondents are doing more personal business online during the pandemic, including shopping, banking and social media, and more than half (58 percent) are skeptical of the level of security provided by these online vendors and service providers.
Employees — particularly Gen Z — don’t expect a return to the office as usual
Social distancing mandates have forced employers to embrace remote work, and employees to rethink their expectations. Forty-four percent of all respondents expect to work from home either more frequently (33 percent) or permanently (11 percent). These percentages are markedly higher among Gen Z (ages 18-23) employees, fully half of whom (50 percent) do not anticipate a return to work as usual.
About Entrust Datacard Corporation
Consumers, citizens, and employees increasingly expect anywhere-anytime experiences — whether they are making purchases, crossing borders, accessing e-gov services or logging onto corporate networks. Entrust Datacard offers the trusted identity and secure issuance technologies that make those experiences reliable and secure. Solutions range from the physical world of financial cards, passports and ID cards to the digital realm of authentication, certificates, hardware security modules and secure communications. With more than 2,500 Entrust Datacard colleagues around the world and a network of strong global partners, the company serves customers in 150 countries worldwide. For more information, visit www.entrustdatacard.com.