What a Year of Working From Home Taught Us About Cybersecurity and 3 Predictions for What’s Next
Working from home is here to stay—but lax cybersecurity needs to go.
This year, three-in-ten Americans responded to a Pew Research survey saying they were “almost constantly” online. Over a year into a global pandemic that forced us to trade in-person experiences for digital ones, it’s not difficult to believe that statistic.
In the workforce, those who were able left their desk jobs and settled into home offices, with companies hastily enforcing new measures. After 14 months of working from home under unpredictable circumstances, companies are finally able to reevaluate the way (and where) we work. Even in this ever-changing future, the end of the pandemic is in sight and organizations are starting to decide when—if ever—to go back to the office, and how often.
Ahead of the transition out of WFH, we surveyed 1,000 U.S. employees about their online habits and their relationship with tech as it relates to cybersecurity for businesses. Read more about what they had to say below, or get the complete report here for free.
Remote work isn’t just a fad
For many, working from home was once the ultimate dream for a balanced life. Now a reality for so many employees, the home office has brought with it new challenges. But it’s also prompted many companies to rethink policies. Do employees enjoy working from home, or do they miss office life? In numbers, here’s where employees, including chief financial officers, stand:
Yet whether your office is remote, in-person, or a hybrid of the two, your company’s data security practices need to be up to date. This year, because of remote work, companies have seen an increase in:
- Phishing attacks: Hackers prefer easy targets—including a remote work environment that is likely less secure than the corporate perimeter. During the pandemic, for example, a quarter of employees surveyed by Deloitte reported a higher number of spam, fraudulent, and phishing emails sent to their corporate accounts.
- Unsecure practices: A reliance on cloud-based collaboration and sharing tools creates more instances of employees reusing passwords, connecting via unsecure or public WiFi, and using unpatched devices. That, in turn, creates a bigger attack surface.
From our survey, it’s clear that employees aren’t necessarily motivated to combat these risks. Many employees surveyed still have poor password habits, like reusing passwords and storing or sharing them in unsecure places and platforms. And though they may be aware of security risks, they don’t necessarily have the tools to change their online behaviors for good, nor the motivation to voice these concerns. To many, company security policies—like resetting passwords—are an inconvenience that employees must find ways around in order to get their work done quickly.
Suffice it to say, businesses need to rethink their security and address gaps such as laidback, risky processes. What can our research tell us about the future of business so that we can stop these bad habits in their tracks?
Prediction #1: The workplace as we know it will transform and employers will embrace flexibility
Our survey found that only 38% of our respondents spend a significant amount of their waking hours offline. In our always-on, never-miss-anything culture, this comes as no surprise—and in fact, 64% of respondents prefer to take care of things online vs. in person, 62% say fast access to online services and information is essential to their life, and 54% seek out ways to make their online experiences more efficient. But issues arise when we consider how and where employees are accessing company data and other business-related resources. For example, 43% use their mobile devices more than their laptops and desktop computers, but how often are those mobile devices provided by employers or secured?
The physical separation between personal and company spaces, devices, and even schedules will completely disappear. This is an opportunity for businesses to embrace flexibility and provide employees with tools and resources that support both personal and work needs and interests.
Prediction #2: Employees will seek more convenience, and businesses will need to simplify employees’ lives
Employees want to make their lives more efficient and convenient, which often means taking shortcuts to simplify things and (understandably) eliminate stress. We found that 35% of respondents feel overwhelmed by keeping track of all their account information and logins, and 18% feel they’re wasting a lot of time trying to get into online accounts. Further, 48% blame themselves rather than the app or service when they have difficulty logging in, adding to mounting frustrations in an already tense time.
And it's no wonder: 48% of respondents say every website or app they use requires a different set of steps for logging in to their account, which leads to about the same amount (49%) creating their own tricks and shortcuts for managing logins. (We've all seen the sticky notes and password spreadsheets!) It's relatable that 45% of respondents report feeling good when a website remembers them and they don’t have to type in a password—but whether that website is storing that information securely is another matter entirely.
As work and personal lives further intertwine, employees’ personal online habits and attitudes will continue to bleed into the workplace. Businesses will take a closer look at the blended work/home lifestyles and provide new tools to simplify their employees’ digital lives without compromising security.
Prediction #3: Businesses will pivot their focus to create a security-first culture.
When it came to security, respondents’ behaviors didn’t necessarily reflect feelings and beliefs—for example, some employees say they reuse passwords even while feeling guilty for doing so—26% of them!
The contradictions don't end there. While 78% of respondents believe it’s important to be knowledgeable about online security, 36% write down passwords on paper, 23% store them in their browser, and 16% record them in other unsecure ways (e.g. address book or a notes app on a device). And only 15% use the best-practice solution: a password manager!
How can businesses reconcile this? To align attitudes with actions, businesses will change the way they implement and nurture a security mindset across the entire organization. They’ll look for human-centered solutions that can solve security challenges while providing a seamless user experience, regardless of where employees are getting their work done.
Want to learn more about the latest trends and, more importantly, what you can do about them for your business? Read our latest report, The Future of Security in the Hybrid Workplace.