Company security is crucial. However, companies are not doing enough to improve the personal security practices of their employees. Credentials are still the most commonly attacked data type because they are gateways to ransomware and data theft. 61% of data breaches in 2021 were related to the use of stolen and compromised credentials.
According to the Verizon 2021 data breach investigation report, criminals used a pandemic to increase phishing attacks. This is 36% of data breaches and is the root cause of credential theft, up 9% year on year.
We know one of the best ways to protect business data. The use of MFA is expanded, providing an option for more than 50% of companies to use MFA, and according to Yubico and 451 research, approximately 74% of the organization will increase investment in MFA solutions.
Major platforms such as Salesforce require all registrations in February 2022, and organizations such as IRS have a strong attitude to MFA requirements. Each platform should follow the suit. Increased assumptions and additional costs are good, but progress is too slow.
To improve the security of the entire enterprise, organizations need to actively educate their employees and provide tools to apply the same practices to their personal lives. When we associate the word company with security, we take employees off-hook.
At work, we send a message that we need to follow a safe process. This means that there are no such requirements at home.
In August 2020, Malwarebytes Labs reported that 20% of organizations experienced security breaches from remote workers.
Given the surge in teleworkers and the length of time the pandemic has affected the workforce, this number may be understated. Equally alarming is that the employees themselves are too convinced that they are likely to be the cause of the breach.
The slow adoption of security best practices is often due to the complexity of the tools and user experience. We are all habitual creatures, and if we encourage the use of password managers, multi-factor authentication, and firewalls for personal use, resistance to the corporate implementation of these tools will decrease.
Organizations are no longer in office space, as we are all connected, the demand for working everywhere is increasing, and the number of malicious actors who are benefiting from the remote workforce is increasing.
You cannot limit your efforts and ignore your home environment. The cost of training and licensing to support telecommuting employees is a small investment that is worth the increased security of the workplace and is a benefit to protecting employee personal data.
You may also be interested in: