How Security Leaders Can Handle the Risky Behavior of Remote Workers Blog

With compromised data and crippling security breaches on the rise, CISOs must ensure that every asset within the organization is secure against growing information security risks. While implementing the right policies, tools, and strategies is a crucial part of the job, many security leaders overlook securing their employees, who are arguably an organization's most important asset.

Studies have shown that human actions cause 90% of security breaches. As remote and hybrid work environments become a permanent fixture for many organizations, the risks employees expose themselves to become even more significant. First, remote employees are more susceptible to cyberattacks because of a lack of direct support from their IT teams. Second, employees log in to company systems through their home networks for remote access, which is risky because they're also conducting personal tasks on those same work devices. This combination exponentially increases the threat landscape and must be addressed by CISOs.

With 46% of the Alexa top one million websites deemed risky, employees are unknowingly putting their businesses at risk with their online activity. We recently analyzed more than half a million dangerous website visits by enterprise employees in more than 20 countries. Based on this analysis, we identified the top risky behaviors enterprise employees engage in online. Below, we double down on each of these activities and the security risks they pose.

• Leveraging P2P Software and Private VPNs: The number one threat to enterprises is the use of peer-to-peer (P2P) software, private VPNs, and anonymizers, which allow users to freely access and share content without being recognized. This anonymity poses a high risk for enterprises, as studies show that 38% of private VPNs contain malware, and 82% of private VPNs can read their clients' sensitive data.
• Visiting Compromised Websites: In second place is visiting compromised shopping websites. For these schemes, cybercriminals create fake websites that imitate popular online sites like Amazon to trick employees into disclosing collect credit card or authentication data.
• Streaming Pirated Content: Our benchmarks reveal that 3% of users in a typical enterprise watch pirated TV shows and movies. With one wrong click, employees can unwittingly install malware onto their laptops.
• Using Personal Cloud Storage: Many employees try to back up their corporate data in their personal cloud. Simply put, businesses must prevent sensitive information from traveling outside of their control. Using personal cloud storage may violate client contracts that prohibit sharing sensitive data outside corporate systems.
• Accessing Websites that Enable Online Fraud: Fake charities and fraudulent crowdfunding campaigns leverage holidays and news stories (i.e., hurricanes) to lure generous and unsuspecting employees into making contributions or sharing their bank account or credit card information.

Employees require specialized guidance to identify and remediate each of these online threats effectively. By delivering
just-in-time personalized advice to employees as they visit risky websites, security leaders can help their workforces understand how individual behavior affects their organization's security posture and take proactive steps to address these threats. For more information about how SecurityAdvisor can help quantifiably reduce security incidents through personalized, real-time coaching.