Many woerkers are continuing to put their companies at risk of a cybersecurity breach, according to the CyberArk 2024 Employee Risk Survey.
CyberArk Partnered with Censuswide to survey 14,003 employees around the world to determine their habit when using a computer for work.
The survey found 65% of employees are finding ways around cybersecurity in the name of productivity.
The main ways employees tend to do this is by using the same password for multiple accounts (27%), using personal devices as wi-fi hotspots (20%), avoiding installing updates that take too long (18%), using personal devices instead of corporate-issued ones (18%) and forwarding corporate emails to their personal account (17%).
There are also many other ways employees could be putting their companies at risk, such as using accounts intended for work on their personal devices (60%) and sharing their work password with a colleague, for what they believe to be legitimate reasons (45%).
In the report, cyber security experts from CyberArk said while many don’t intend to cause a security breach when it comes to cybersecurity little everyday behaviours can make a big difference.
“If a password for a seemingly low-value enterprise tool is compromised and this password is used to login to multiple other corporate applications, an attacker could move laterally and gain easy access to more valuable information and systems within the organisation,” the report said.
The survey found 66% of respondents are able to access and handle sensitive data, regardless of seniority level.
This includes downloading customer data (40%) altering critical or sensitive data (33%) and approving large financial transactions (30%).
“Attackers can easily collect and analyse data travelling across a network simply by being on the same network,” the report said.
“We recommend using a secure browser to achieve a consistent and secured approach to external BYOD access controls — even for those personal devices that cannot have any endpoint agent installed.”
AI has also been heavily adapted to the workplace, with 72% of respondents saying they use it for work, despite this, the survey also found that 9% of the respondents said their company doesn't have any AI policies.
CyberArk CEO, Matt Cohen said the findings show that high-risk data is scattered throughout every job role and that there is a pressing need to reimagine workforce identity security with every user.
“For far too long, the standard approach to workforce access security has been centred around basic controls like authentication via single sign-on,” he said.
“This ignores the reality of the modern worker and the changing nature of identity: the average employee can be a casual workforce user and, the next moment, a privileged account."