Having employees work outside the office, whether from the comfort of home or in the public library, comes with challenges, including cyber threats. With remote work becoming the new norm, we wondered how often security breaches occur and what they cost employers.

To shed light on this critical issue, we surveyed 1,019 remote workers about their cybersecurity practices and breaches. Join us as we reveal online risks and share solutions for ensuring secure operations worldwide.

Key takeaways

• Remote workers using iPhones (17%) are more likely than Android users (12%) to get hacked.
• Co-working spaces (18%) are the most vulnerable locations for data theft.
• 21% of remote employees who worked from another country had work-related information stolen.
• Cyberattacks on remote workers cost over $10,000 for nearly one in four companies.
• The finance industry has the most insider threats.

Remote work habits and theft experiences

First, let’s explore where remote employees choose to work, how they access work-related resources, and the number of workers who have fallen victim to data theft.

Most remote employees (72%) worked in a different city than their company, and 15% of those had work information stolen. Only 13% of employees worked in a different country, but those remote workers were the most likely to be hacked at 21%.

As for remote workplaces, the most vulnerable location was co-working spaces, as 18% of employees had information stolen there. Libraries, coffee shops, and cafes were the second most susceptible, with 17% of employees reporting hacks in these locations.

While hackers accessed phones and computers at around the same rates, Apple devices proved far less secure than others. Among computers, 16% of Macs were breached, compared to 14% of PCs. Among phones, 17% of iPhones were hacked, compared to only 12% of Android phones. But fortunately for Apple users, our previous research shows that 75% of Apple users were able to fully recover their lost data.

To keep information secure at home and abroad, remote employees should know how to protect devices from intrusion.

Cybersecurity mistakes and costs

How do hackers access remote workers’ information? Let’s explore the most common cybersecurity mistakes and how to avoid them.

Failing to encrypt personal data (60%) was remote workers’ most common cybersecurity mistake, followed by reusing passwords (53%). Additionally, two in five remote workers did not use virtual private networks (VPNs) when accessing company data outside the office.

Leaving devices vulnerable to cyber attacks can lead to information leaks and monetary losses. How much information do companies lose to security breaches, and how costly are these mistakes?

Cyberattacks on remote workers exacted a considerable toll, costing nearly one-quarter of companies over $10,000. The most common loss was consumer data theft (47%). Data theft consequences rippled through organizations, and remote workers who had data stolen faced significant repercussions. The most common discipline for hacked remote workers was training (42%), demotion (38%), or fines (37%).

Interestingly, medium-sized businesses were the most susceptible to security breaches. In fact, they were 21% more likely than small businesses to experience cyberattacks. That said, one in seven small businesses had fallen victim to cyberattacks. And while slightly more than half of small businesses (52%) experienced less than $1,000 in damages, one in five endured cybersecurity losses exceeding $10,000.

Vulnerabilities by industry

While businesses of all sizes are susceptible to cyberattacks, some industries are more vulnerable than others. Let’s explore the industries in the most danger from insider threats and the practices putting them at risk.

To determine the least secure industries regarding cybersecurity, we examined the following factors:

• Unauthorized data access
• Undisclosed work locations
• Public Wi-Fi usage
• Password practices

We also looked into how remote workers handled security alerts.

The top five sectors with insider threats from cyberattacks were finance, retail, professional and business services, health care, and information. However, education employees had the most incidents of information theft (19%).

Finance industry employees were among the most likely to reuse passwords, share passwords, and travel without telling their employers. Retail industry workers were most likely to use public Wi-Fi (18%), and professional and business services employees were most likely to ignore security warnings (8%).

Unfortunately, many employers were not helping prevent insider security mistakes. Only 51% of remote employees received cybersecurity training from their employers. Among those who received training, the top cybersecurity practices taught were two-factor authentication (47%), utilizing a VPN (44%), and regularly updating devices and software (43%).

Securing remote work

There is a great need for more cybersecurity training among remote workers, especially in the most vulnerable industries. Awareness, education, and proactive cybersecurity practices can go a long way in safeguarding valuable data and sensitive information. Now is the time to invest in cybersecurity measures to protect and strengthen remote work environments, like eliminating passwords in the authentication process and moving to phishing-resistant MFA.

Methodology

We surveyed 1,019 remote workers about how they handle cybersecurity when working outside their homes.

About Beyond Identity

Beyond Identity offers phishing-resistant MFA and passwordless MFA, which provides frictionless security users will readily adopt. Our Zero Trust Authentication solution lets you set the foundation for zero trust by continuously assessing device risk so you can truly protect your data wherever you work.

Fair use statement

If you wish to share this content, please do so for noncommercial purposes only, providing readers with a link to this page for reference.