Most Companies Ignore Even the Most Basic Cybersecurity Practices, Survey Finds

  • Only 33 percent of employees use secure Wi-Fi networks at home
  • Most companies have unsecure VPN solutions
  • Training to recognize phishing is not all that common

Companies have to deal with increased security risks after employees moved to home offices, but organizations’ measures differ wildly. A new survey showed that companies either don’t take the right steps to secure their business or implement only partial solutions.

It’s not difficult to imagine why people working from home pose a significant security risk to organizations. In theory, securing the interaction between employees and their companies should not be challenging, but it often implies new investments that organizations are unwilling to make.

The result is that employees will do what people do, carrying on with their digital lives as if nothing has changed even when everything is altered. First of all, the Visual Objects survey found that employees at 66 percent of companies took work computers and devices home, hoping to separate their personal and work activities.

Unfortunately, only 35 percent of companies require users to use secure WiFi networks for work activities, which means that the rest resort to their existing networks. Some might be secure enough, but there’s no way to know, and that includes worst-scenario situations in which employees connect their work devices to public Wi-Fis.

Compounding the problem is the use of enterprise VPN solutions, required by only 31% of the companies, leaving the rest of the users to either use commercial VPNs or direct connections to the company infrastructure.

The same goes for two-factor authentication (2FA), required by only 31 percent of companies for work accounts. It’s impossible to imagine a fully secure environment without multi-factor authentication, but it turns out that most users do without it.

Also, only 32 percent of companies offer phishing training for employees, even though it is one of the most common attack vectors. Some studies showed that cyberattacks in the workplace start with a phishing email 80 percent of the time.

Finally, 34 percent of companies don’t follow common cybersecurity practices, leaving their business’s security in the hands of employees.

Visual Objects surveyed 500 full-time employees in the US from September 17- 23, 2020.