A study shows that 77% of remote-working employees used unmanaged personal devices to access corporate systems.

Some undesirable Work-From-Home (WFH) habits are putting critical business systems and sensitive data at risk. Apparently, convenience outweighs corporate security, says a recent report of that aimed to gauge the current state of security in today’s expanded remote work environment.

The CyberArk Remote Work survey was conducted in late April 2020 by an independent research agency, and included responses from 3,000 remote office workers and IT professionals in the United States, UK, France and Germany.

The report showed that:

  • 77% of remote employees were using unmanaged, insecure “BYOD” devices to access corporate systems.
  • 66% of employees had adopted communication and collaboration tools like Zoom and Microsoft Teams, which have recently reported security vulnerabilities.
  • 93% have reused passwords across applications and devices.
  • 29% admitted that they allowed other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping.
  • 37% insecurely saved passwords in browsers on their corporate devices.

Working parents seem to pose higher risks than other groups studied, as this group had to quickly and simultaneously transform into full-time teachers, caregivers and playmates. Good cybersecurity practices are not always at the top of mind for them.

Are home security policies enough?

While 94% of IT Teams polled were confident in their ability to secure the new remote workforce, 40% have not increased their security protocols despite the significant change in the way employees connect to corporate systems and the addition of new productivity applications.

The rush to onboard new applications and services that enable remote work, combined with insecure connections and dangerous security practices at home, have significantly widened the attack surface. Security strategies need to be updated to match this new dynamic threat landscape. This is especially true when it comes to securing privileged credentials of remote workers, which if compromised could open the door to an organization’s most critical systems and resources.

Said Marianne Budnik, CMO, CyberArk: “The security posture of organizations continues to be tested as many remote employees face daunting challenges balancing productivity and security across their professional and personal workspaces. As more organizations extend work-from-home policies for the long term, it’s important to capture lessons learned from the initial phases of remote-work and shape future cybersecurity strategies that don’t require employees to make tradeoffs that could put their company at risk.”