Business Express is an online portal that covers the latest developments in the world of business and finance. From startups and entrepreneurship to mergers and acquisitions, Business Express provides reporting on the stories that matter most to business leaders and decision-makers.The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.
Nic Sarginson - Business Express

Are working from home employees cyber-safe?


By Nic Sarginson, Principal Solutions Engineer, Yubico

The office exodus that is predicted to follow the current pandemic poses a number of challenges for business and team leaders. They will be concerned about maintaining collaborative cultures when teams are dispersed, and in ensuring innovation does not stall or leadership skills diminish. Among their ruminations should be the cybersecurity of an increasingly remote workforce.

In the office, the corporate network is professionally protected. With remote working, employees are using home connections; they may even be accessing applications from coffee shops and other locations. Building a ‘wall’ around the corporate network and protecting everything within it is no longer sufficient.

Recent research of companies in the UK, France and Germany explored cybersecurity in the work-from-anywhere era and reveals some startling insights into the attitudes and practices of employees and business leaders. It’s clear that there’s a security gap that needs to be addressed – these gaps can be found across workplace culture and attitude, existing authentication deployments, and cybersecurity training.

That’s a significant ‘to do’ list but one that needs urgent attention because cybercrime ultimately hurts business. In fact, the cost of cyberattacks on businesses across the UK is put at £34 billion annually, according to the Centre of Economics and Business Research (CEBR).

To mitigate that risk, companies need clear, comprehensive cybersecurity policies and keep up-to-date with the latest threats and forms of protection. Policies need to be understood across the entire organisation, adhered to and backed by hands-on IT training and support.

Attitudes to cybersecurity
Worryingly, data from the research indicates that, since the start of the pandemic, employees have been engaging in poor cybersecurity practices on work-issued devices. What’s more, in some areas business owners and leaders appear to be the worst culprits. A surprising 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day, while 23% of owners actually use them for illegal streaming or watching TV.

Such blurring of the corporate/personal divide increases the risk of a security breach – a risk that only increases when we consider the workarounds employees are using when they login to work. Over half (54%) of employees use the same passwords across multiple work accounts. If those passwords were to become compromised, unauthorised users could potentially gain access to a suite of applications and data.

Don't miss out on any breaking news or insightful opinions!
Subscribe to our free newsletter and stay updated on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email.

Adapting to at-home cybersecurity
Unfortunately, the research also shows that enterprises are falling short on the type of cybersecurity practices they should have in place for out-of-office environments.

Many organisations use basic authentication for employees to gain access to work systems and applications, but this should be supplemented with stronger forms of authentication. Usernames and passwords alone at login provide insufficient protection, yet less than a quarter (22%) of respondents to the survey have implemented two-factor authentication (2FA), which requires an additional layer of security before access is granted.

Where authentication protection has been implemented, mobile authentication apps and SMS one-time passcodes (OTPs) are the most popular. While these basic forms of 2FA provide a higher level of protection than a username and password alone, they can be vulnerable to phishing and man-in-the-middle threats. OTPs sent using SMS can fall victim to ‘SIM-swap’ fraud, or an employee could be tricked into unknowingly providing it to an adversary.

A hardware-based security key is the strongest form of authentication. It’s a physical device for employees to leverage when logging in to work applications and systems. Google, having been involved in defining the open standard for strong authentication, uses the technology to protect employees and has integrated support for FIDO security keys into the available security protections for Google users. Vendors such as Microsoft, Twitter and even Facebook adopt FIDO to protect both their users and own platforms.  Keys provide advanced protection, and are simple to use, yet only 27% of the research respondents acknowledge that their company is rolling out keys compliant with the FIDO open authentication standards.

Employee training and support
Clearly there is more to do to improve cybersecurity practices and the same can be said for employee training and support. A year after the pandemic began and 37% of employees have yet to receive cybersecurity training to work from home. Additionally, the same percentage say they feel more supported by IT.

It appears there is a disconnect between the technology support that is available and employees’ willingness to engage with it. Over half (51%) admitted to trying to solve IT problems on their own, rather than contact the relevant department, and worryingly, 40% of respondents wouldn’t immediately report if they clicked on a suspicious link.

Such behaviour risks reducing the IT team’s ability to carry out its duties and to take quick action in the event of a threat to the corporate IT infrastructure.

Remote and hybrid office/home working policies have big implications for corporate cybersecurity. Out-of-office employees engaging in poor cybersecurity practices open up the organisation to an increased level of risk. Cyberthreats have only increased this past year and have the potential to cause significant financial and reputational damage to businesses.

Recent Post: