Employees working from home are putting their organisations at increased risk of cyberattacks by exercising poor security hygiene, according to a report released by Ivanti, the automation platform that helps make every IT connection smarter and more secure. The 2021 Secure Consumer Cyber Report found that one-fifth of consumers admit to recycling their work email or password to log in to consumer websites and applications such as food delivery apps, online shopping sites and even dating apps.
The Secure Consumer Cyber Report surveyed 1,000 UK consumers who have been working from home during the pandemic on a company-issued computer to examine how consumer and enterprise cybersecurity habits have changed. The report’s findings reveal that poor security hygiene and gaps in enterprise cybersecurity strategies are putting businesses at risk.
In addition to recycling login credentials, the main areas for concern identified are:
- Personal devices for work access: More than one-third (39.93%) of respondents said they are allowed to use a personal device such as a laptop, smartphone, tablet or smartwatch to access company applications and networks.
- Two-Factor Authentication for IoT devices: Nearly half (47.87%) of respondents have not set up Two-Factor Authentication for smart devices in their homes.
- Secure access tools: Almost one-third (32.5%) of respondents claim their organisation does not require users to use a secure access tool, such as a VPN.
“The poor security hygiene and shortfalls in enterprise security emphasised by the report are creating a perfect storm for cybercriminals looking to take advantage of consumers working from home. By reusing passwords and failing to implement corporate workspace segregation policies and Multi-Factor Authentication, businesses are increasing their risk of falling victim to credential stuffing attacks,” said Nigel Seddon, VP EMEA West at Ivanti.
“Given that there has been a recent increase in the number of data breaches targeting consumer-based companies and online communities, it is very likely that enterprise email and passwords are already exposed on the Dark Web. Companies across all industries must implement a Zero Trust model to ensure that entities accessing corporate information, applications, or networks are valid and not using stolen credentials,” said Seddon.