- 89.4% of remote employees reported taking their work cybersecurity seriously.
- 48.3% of remote employees had been the target of a phishing/cybersecurity attack at least once. Over 40% of these remote employees experienced data breaches and/or related repercussions as a result.
- Overall, remote employees felt they take their work cybersecurity more seriously than their employers.
Cybersecurity wasn’t exactly under control prior to the pandemic – data breaches and congressional hearings were somewhat part of the American norm. Since those “normal” days, roughly 71% of the American workforce has gone remote and has essentially taken cybersecurity (for themselves and their company) into their own hands. As such, the cybersecurity of these employees has become a big concern for many companies.
Wanting to know more, we spoke directly to more than 1,000 full-time remote employees in the U.S. We asked them about their cybersecurity requirements for work; how those requirements are paid for; how seriously they take online security; and whether or not they had ever experienced a cybersecurity threat. For a very detailed look into remote cybersecurity during the pandemic, keep reading.
Required Safety Protocols
First, we wanted to know what requirements companies currently had in place to protect themselves and their remote workers, if any. Pre-pandemic and post-pandemic requirements were compared, as well as how requirements differed depending on the size of the company each employee worked for.
Almost everyone surveyed (98.5%) reported using a computer to work remotely. In other words, the computer was the primary source and threat to cybersecurity. Of these respondents, 82.5% said their companies financed their computer choice for them. Far fewer companies provided tablets and smartphones, despite many remote employees using them – perhaps opening up another weakness within the security network.
With many workers moving from corporate offices to home offices during the pandemic, cybersecurity ultimately became more lax. Since the change in working environment, employees were less likely to use secure Wi-Fi or antivirus software. VPNs (virtual private networks), however, were seeing a slight increase in usage since the pandemic. VPNs essentially give online privacy by creating a private network from a public connection. This way, the user’s actions (like those that share sensitive information) are virtually untraceable.
Larger companies tended to be more likely to require certain security features. The use of two-factor authentication and VPNs, for instance, increased proportionately with company size. That said, 43% of cybersecurity threats globally target small businesses, as they are often unable to utilize as many defensive resources as larger companies. Businesses with under 50 employees reported relying most often on secure Wi-Fi networks (48.3%) and antivirus software (48.3%).
Even with certain security pushes from work, a person’s personal time is still their own. The next section of this study compares cybersecurity behavior when a person is performing work-related tasks versus personal tasks. We also looked at how seriously employees take cybersecurity, how they finance safety measures, and if they felt their approach to cybersecurity had changed since the pandemic.
For both work and personal use, about 65% of employees were using secure Wi-Fi. Two-factor authentication was more often reserved just for work, as were antivirus software and VPNs. Regardless of the method, a vast majority of employees (89.4%) claimed to take cybersecurity very seriously.
Nevertheless, concern over cybersecurity is a luxury that not all companies or individuals can afford to mitigate. Defending against cybersecurity threats is actually very expensive. Firewalls or detection sensors can cost upwards of $120,000, while a monitoring platform can cost ten times as much. Still, 21.1% of remote employees reported paying for their own work-related cybersecurity, averaging a monthly cost of $111.30. Of those who were covering these costs themselves, 63.3% agreed that it should be the financial responsibility of their employer instead.
Impact of Cybersecurity Threats
Companies (and individuals) often tend to take cybersecurity more seriously after experiencing an attack. This section of our study looks at overall security protocols by whether the employee’s company had experienced a cybersecurity threat as well as the security protocols in place by company size.
Protocols available (financially and logistically) varied greatly by company size. Having an entire staff dedicated to cybersecurity was actually fairly common in companies upwards of 1,000 employees. On the other hand, something as simple as even having a protocol in the first place was relatively rare among small businesses with under 50 employees. Nine in 10 employees were aware of proper protocol when faced with a cybersecurity attack.
Nearly half of remote workers reported experiencing a phishing or cybersecurity threat, with 31.5% of remote workers having experienced it more than once. Those who had experienced an attack were more likely to have implemented precautions such as two-factor authentication and VPNs, while those who utilized antivirus software were the least likely to experience cybersecurity threats. That said, a hacker only needs to exploit one single weakness, while the company must defend against all of them.
Cause for Concerns
Although company size clearly impacts the level of cybersecurity available, we wanted to know how the sensitivity of information impacted cybersecurity by comparison. Our study concludes with a look at how both employers and employees perceive the value of cybersecurity based on company size and sensitivity of company information.
Smaller companies, or those with typically fewer resources and more hacking attempts, were fortunately not as often dealing with highly sensitive information. Instead, companies with at least 1,000 employees were twice as likely to be handling highly sensitive information. This is why data breaches at the likes of Target and Yahoo have earned the rank of “Category 5” and can be so devastating for so many people whose personal data was held by the company.
The sensitivity of a company’s information appeared to directly impact how concerned its employees were about cybersecurity. For instance, the more sensitive the information, the more likely the employee was to care about cybersecurity. Company size also impacted perceived employer concern regarding security but not as directly or proportionally.
Keeping Your Personal and Business Life Safe
As the evidence clearly reveals, cybersecurity is a major consideration for remote employees. Things like two-factor authentication and secure Wi-Fi are common practices among remote employees in 2021, while the vast majority agree they take it seriously and would know what to do in a cybersecurity threat scenario.
No matter how large the company or sensitive the information, however, we can see that cybersecurity threats can and do still happen. There are therefore several steps you can take to facilitate a secure way of working, as further explained in our secure browsing section.
Methodology and Limitations
In this study, we surveyed 1,004 remote employees using Amazon MTurk. 59.5% of respondents identified as men, 40.3% identified as women, and 0.2% identified as nonbinary. The average age of these respondents was 36.6 years with a standard deviation of 10.3 years.
The main limitation of this portion of the study is the reliance on self-report, which is faced with several issues such as, but not limited to, attribution, exaggeration, recency bias, and telescoping.
Fair Use Statement
Perhaps having this data is making your internet usage feel safer already. If you think another remote employee or fellow internet user could benefit from this data, you are welcome to share it with proper attribution to this page.
More recent studies: