Ivanti has released a new report that suggests that remote workers are still engaging in risky cybersecurity practices while on the job. Most notably, a full 25 percent of consumers are using work emails and passwords to log into private applications like food delivery services and dating apps. That creates a major security risk for larger organizations, since the workplace could be compromised if those credentials are ever exposed in a data breach.
With that in mind, Ivanti’s 2021 Secure Consumer Cyber Report emphasized the need for good password behavior, noting that people should never reuse passwords in general, and especially should not reuse work passwords when signing up for personal applications. However, the report did assign some of the blame to those people’s employers, since many organizations are not taking the steps needed to enforce strong security practices. For example, 30 percent of remote workers said that their organization does not require the use of a secure tool like a VPN to gain access to corporate materials.
A similar number (28 percent) reported that they did not need to have specialized security software running on their work devices, while 24 percent worked for companies that did not ask employees to update their passwords regularly, or else supplement those passwords with one-time passcodes or some other form of multi-factor authentication. Ivanti encouraged those companies to adopt Zero Trust security practices as soon as possible.
“Given the increase in data breaches, it is very likely that enterprise email and passwords are already exposed on the dark web,” said Ivanto CSO Phil Richards. “Companies across all industries must implement a Zero Trust model to ensure that entities accessing corporate information, applications, or networks are valid and not using stolen credentials.”
The findings in the report are based on a representative survey of 1,000 Americans who have been working from home during the COVID-19 pandemic. Ivanti itself added biometric authentication to its Enterprise Management portfolio back in August.