A OneLogin survey covered how employees are using work devices for a variety of other things.
The transition to working from home has been rocky for millions of people as they adjust to transitioning workplace policies into the privacy of their own home. According to a new report from cybersecurity firm OneLogin, people are using work devices for much more than work, even after they’ve had accounts or passwords compromised.
The company’s 2020 COVID-19 State of Remote Work Survey Report features a global survey of 5,000 employees who started working remotely since the outbreak of COVID-19.
Of those surveyed, 30% have had a corporate device breached and only 10% changed the password afterwards. Half of organizations globally have not established cybersecurity guidelines regarding remote work according to the survey and US remote employees use work devices to access adult entertainment sites more than any other country.
Half of UK respondents had not changed their home Wi-Fi password in the last two years, compared with 36% overall, and 25% never changed their password while 45% of US workers have given their work passwords to their child or spouse, compared to 13% in the UK and 9% in France.
“Working from home has invited unprecedented challenges to cybersecurity,” said Brad Brooks, CEO and president of OneLogin.
“As the lines between personal and corporate worlds continue to blur, it’s critical that organizations adopt technology and policies that make it as simple as possible for employees to keep systems secure.”
While employees in many countries are struggling with separating work devices from personal ones, people in the US are having particular trouble with it. In addition to nearly half of respondents sharing their work device with someone else in their home, 36% accessed work applications through a personal laptop or device.
Respondents in the US also shared other things they have done since beginning to telework. More than 20% of US respondents have worked on a public Wi-Fi network and 33% have downloaded a personal application without approval from management or IT.
Just 16% of US respondents had done none of these things.
The numbers were very different in the UK, France, Germany, and Ireland. In the UK, 60% of respondents reported that they never used work devices in any of the ways suggested, while 55% and 51% respectively in Germany and Ireland also said they had never used a work device in any of the ways described. French respondents were a bit closer to the US in terms of how lax they were with work devices, but only 20% said they had downloaded a non-approved application.
In terms of websites visited on work devices, US respondents were very liberal, with 50% saying they streamed services and 62% said that they used YouTube. Nearly 40% of respondents used work computers for online gambling/gaming sites and 17% used their work computers to access adult entertainment websites.
The numbers were far lower for the UK and Germany. For both countries, only 30% accessed streaming sites and less than 15% did online gambling or looked at adult entertainment sites.
French and Irish respondents were somewhere in the middle, with more than 35% of people saying they used some kind of streaming service or YouTube.
As the report notes, just 3.6% of US employees worked from home before the COVID-19 outbreak, but more than 62% of employees said they were now working from home in a Gallup poll conducted in April. Enterprises have struggled to help their employees manage the transition, but there were some positive aspects of the survey.
Nearly 40% of US respondents said they had updated their Wi-Fi passwords in the last month and 28% reported that they had updated their passwords within the last six months. Only 7% said they had never changed their Wi-Fi password.
The report even broke it down by regions of the US, finding that respondents on the West Coast generally had better Wi-Fi password practices than those elsewhere.
Respondents from Europe had lower numbers when it came to Wi-Fi password policies, with 36% of people from the UK reporting that they had never changed their Wi-Fi password at all and just 19% had updated it in the last month. The statistics were similar in Germany and Ireland.
“Aside from poor Wi-Fi password practices, remote workers are prone to several bad habits that can open your organization up to a breach. Poor remote work hygiene includes frequency of working on a public Wi-Fi, sharing your work computer with a child or a spouse, accessing work applications from a non-work device, and downloading applications that are not approved by IT. All of these bad habits increase the risk of data exposure,” the report said.
The report did add that a high number of US respondents said their employers were taking advantage of multi-factor authentication (MFA). In the US, 60% of those surveyed said their company had an MFA solution, higher than respondents from other countries.
More than 50% of Irish respondents said their enterprise implemented MFA, followed by Germany at 49%, France at 48%, and the UK trailed with 33%. In Germany, almost 40% of respondents were unsure.
Despite the use of MFA, US respondents were more likely to report that they had been affected by a breach. Just 33% of US respondents said they had not been breached, while 77% of French respondents reported that they had not been breached, followed by 73% of UK respondents, 73% of German respondents, and 63% of Irish respondents.
“But, there is a more disturbing stat here–out of the 62% of people who reported that they were impacted by a breach, 24% of those people have not changed their password. So, 24% of people basically ignored the fact that a breach occurred and still continued using the same credentials. Pretty scary,” the report said.
“Even though US respondents were most likely to work for employers who implemented multi-factor authentication, they also were most likely to access personal information from work computers and, ultimately, they were the most likely to report being breached.”