Yubico research reveals that cybersecurity best practices, including password protection, and employee training in the UK, France, and Germany are lackluster with the proliferation of employees working from home

June 7, 2021 4 minute read

We all know there have been major paradigm shifts in the workplace caused by the pandemic. With the explosion of working from home (WFH), millions of employees now call their basements and bedrooms home offices. Security professionals scrambled to put together employee onboarding and authentication protocols that met new cybersecurity requirements for remote employees. Over a year into the pandemic, they continue facing challenges as some employees stay home and others return to the office. 

So how have employees performed in the remote workplace? How secure have their work environments been in the last 15 months? We surveyed 3,006 employees, business owners, and C-suite executives at medium to large organizations (250+ employees) across the UK, France and Germany, who have worked from home and use work-issued devices, to uncover some common trends. 

Cybersecurity best practices went from bad to worse during the pandemic

Data shows that poor cybersecurity habits that employees might have had before the pandemic got worse when they started to work from home. The survey also illustrated that many businesses do not have solid cybersecurity best practices in place to deal with the new challenges of hybrid workplaces, and have been slow to implement strong cybersecurity technologies and modern authentication protocols to fill security gaps. 

Let’s start with employees by combining data across all surveyed countries: 

  • Poor password hygiene is a major issue, as 54 percent of employees admitted that they use the same passwords across multiple work accounts. 22 percent of respondents report they still remember passwords by writing them down, including 41 percent of business owners and 32 percent of C-level executives.
  • 42 percent of respondents use their work devices for personal use, which is an enterprise-wide problem. About 44 percent of business owners and 39 percent of C-level executives said they were working on personal tasks while they used work devices at home.
  • Surprisingly, even though behaviors are riskier at home, 73 percent of employees are confident that they would be able to spot and avoid phishing attacks and only 55 percent are more cautious about cybersecurity while working from home.

What are employers doing to respond? 

Nearly 60 percent of employees said that they weren’t responsible for cybersecurity and that IT teams should handle all defenses. But only 37 percent of these remote workers felt more supported by IT than they did in the physical workplace. The same 37 percent claimed they had received no cybersecurity training policy focused on staying secure while working from home. 

The survey shows that in all three countries, organizations have been slow to adopt or increase their usage of Multi-factor authentication (MFA) (22%) because of the pandemic. This is a considerable difference from the recent US-focused study by Yubico and 451 Research which stated that as a reaction to COVID-19, MFA is the top cybersecurity technology being adopted (by 49% of respondents) and 75% of enterprise security managers plan to increase MFA spending.

Cybersecurity best practices keep everyone safe

All it takes is one employee failing to follow secure practices while working from home, and the entire organization could be exposed to a cyber attack or breach.

Here are a few suggested cybersecurity best practices for improving WFH policies: 

  • Be aware of your employees’ practices and if they may be using work laptops and mobile devices for personal use. 
  • The research shows that senior-level managers aren’t immune to bad practices either, so it’s important for leadership to start modelling behavior.
  • Consider employee training that demonstrates the reality of vulnerabilities to remote and hybrid employees, including password hygiene and phishing attacks. 
  • Move toward strong authentication, such as the YubiKey, which works with legacy or modern cloud-based, passwordless infrastructures.   

Read the full report here for geographical breakdowns and to learn more about current attitudes and adaptability to at-home corporate cybersecurity, employee training, and support in the current global hybrid working era.

For a deeper dive into the findings from this report, sign up for the upcoming Yubico webinar, State of cybersecurity in Europe during the Covid-19 crisis, on June 29 at 11 a.m. PST.

About the study

The research was conducted by an independent research company Censuswide, with 3,006 employees at large organizations (250+ employees), who have worked from home at some stage and have work-issued devices in the UK, France, and Germany between February 19, 2021, and March 3, 2021. Censuswide abides by and employs members of the Market Research Society which is based on the ESOMAR principles.

Share this article:

Recommended content

Thumbnail
governmentMFAzero trust

Zero Trust is the new regulatory minimum for Federal agencies: what does that mean for authentication?

The deadline is looming for federal agencies to implement impersonation-resistant multi-factor authentication (MFA), just one of the new stronger security requirements under President Biden’s new cybersecurity executive order (EO 14028). The EO puts security front and center to address some of the worst cyber attacks against the federal government, setting up new federal compliance expectations ...

Read More
Thumbnail
federal governmentMFA

Modern MFA for the Federal Government: How the YubiKey Meets U.S. Federal Government Requirements

Learn how the YubiKey, a DOD approved alternate authenticator meets federal PIV/CAC requirements and government compliance regulations.

Read More
Thumbnail
federal governmentMFAmobile authentication

Modern Authentication for the Federal Government: Enabling Mobile, Secure Authentication in Zero Trust Environments

Learn how DOD approved hardware security keys such as the YubiKey are ideal to fill PIV and CAC related authentication gaps across the federal government, and meet the MFA mandate in the Biden Executive Order 14028.

Read More
Thumbnail
cybersecuritysecurity

People matter: How to solve security skills shortage challenges

The skills shortage in the security industry stretches as far back as we can remember having an industry. Everyone knows it’s a challenge with no easy short-term solutions. The root of the security skills shortage gap remains murky, and some observers say the pandemic and reallocations of security resources could be widening that gap. The ...

Read More