Improving Home Workers' Online Security Behavior
Remote workers know the risks and understand personal cybersecurity best practices yet still don't secure their personal or work data. Here are three steps you can take to improve their cyber hygiene.
By Rachael Stockton
August 25, 2020
Employee cyber hygiene is a key component in maintaining online safety and data protection for businesses. As a result of COVID-19 and the shift to a remote workforce, the human element has become even harder to manage for IT teams; however, identity and access management (IAM) has risen to the task as a priority for companies looking to foster productivity and keep their resources safe.
With the threat of cybercriminals using pandemic-hack tactics, employees working from their homes on personal networks and devices, and the lines between work and home life blurred, IT professionals have had new challenges to tackle in a short time. IT had to realize that employees are also consumers, and by that logic the security habits they have at home directly affect how they access, store, and manage the company's information in the workplace.
Cognitive Dissonance Prevails in Security Habits
Whether employees are working remotely or in an office setting, better online behavior is needed. Users seem to understand that; however, they don't act accordingly.
In the recent Psychology of Passwords report, LastPass found a gap between the knowledge users have about security and the actions they take as a result. In fact, 91 percent of people know reusing a password is insecure, yet an overwhelming 66 percent still reuse the same password, and 48 percent won't change a password unless it is required.
The bottom line is that consumers know the risks and understand personal cybersecurity best practices but are not taking the necessary steps to secure their personal or work data.
Incorporating Additional Layers of Data Protection
People don't realize how many points of entry hackers have to their lives. The average user has approximately 85 online accounts, and each account is a vulnerability point that can be breached.
To increase cyber hygiene, IT teams can take several steps:
- Secure access. Multifactor authentication (MFA) is an additional layer of security that can be used when logging into accounts. From biometrics to one-time codes and security questions, MFA creates a second barrier that can keep malicious actors from gaining access to personal data. Despite the extra step employees will need to take to log into accounts, the extra layer of authentication is critical, especially now that the majority of the workforce is remote.
- Enforce strong access management solutions. Part of the problem is that users continue to underestimate the risks associated with passwords. Encouraging them to use unique and strong passwords, and to store and manage them in a secure way (as with a password manager), is an essential first step to protect against malicious activity.
- Eliminate passwords where possible. With more individuals working remotely, IT needs to ensure the right people have access to the right resources for security and ultimately to keep employees productive. Single sign-on (SSO) provides IT teams with more flexibility and the ability to provide employees with access to the applications required for their role while maintaining complete visibility and control over user access.
Taking these steps considerably lowers the risk of potential issues, but organizations need to factor in the human element as well. Even after continued breaches affecting organizations and individuals, people seem to be numb to cyber threats. Education on cyber hygiene is paramount. Training employees on best practices and the latest cybersecurity risks, such as phishing scams, will help raise awareness about the small steps they can take to improve their security behaviors and do their part to keep the organization safe.
Rebuilding Secure Online Habits
Online safety can be better achieved when IT professionals and employees work together to protect personal and professional data. Although there are several components that can be implemented to protect against breaches (such as MFA and VPNs), the core challenge is still individual behaviors. As we continue to navigate the age of COVID-19 and increased remote work, incorporating additional layers of security (and security training) will help keep both the company and employees safe no matter where they work.
About the Author
Rachael Stockton is the senior director of product marketing for the identity and access management business at LogMeIn. Rachael is a cybersecurity expert with more than 10 years of experience working with customers on identity and access management, fraud prevention, and data protection strategy. Rachael received her MBA from Duke University, is a certified life coach, and holds two technical U.S. patents.