Employees working from home on a company-provided computer are putting businesses at risk with one in four consumers admitting to using their work email or password to log in to consumer websites and apps such as food delivery, online shopping and even dating apps.
A new study from automation platform Ivanti surveyed 1,000 Americans working from home during the pandemic on a company-provided computer to examine how consumer and enterprise cybersecurity habits have changed.
"The FBI issued a warning about an increase in credential stuffing attacks in September 2020 and yet consumers are still using work emails and passwords to log in to consumer apps and websites, putting the enterprise at significant risk of a credential stuffing attack," says Phil Richards, CSO at Ivanti.
Although companies have taken steps to beef up their cybersecurity, nearly one in four are still failing to follow zero trust security best practices, such as multi-factor authentication and corporate workspace segregation policies.
Among the respondents 30 percent say their organization doesn't require remote workers to use a secure access tool, such as a VPN. 28 percent of employees are not required to have specific security software running on their devices to access certain applications while working remotely, and 24 percent of companies don't require their employees to update their password every six months or use a one-time password generator.
"Given the increase in data breaches of consumer-based companies and online communities, it is very likely that enterprise email and passwords are already exposed on the dark web. Companies across all industries must implement a Zero Trust model to ensure that entities accessing corporate information, applications, or networks are valid and not using stolen credentials," adds Richards.
You can find out more and get the full report on the Ivanti site:
Find out how you can get a complete end-to-end mobile threat protection