Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe
  • Twitter
  • Facebook
  • LinkedIn

New Data Reveals Company Size May Be Tied To Remote-Worker Cybersecurity Practices

New Data Reveals Company Size May Be Tied To Remote-Worker Cybersecurity Practices

Employees at the largest firms are least likely to adhere to wifi and password security guidelines.

The security of a company is often in the hands of the employees who access its data day-to-day. New data from a global study commissioned by Tenable and conducted by Forrester Consulting reveals that remote employees’ use of personal devices, their adherence to security guidelines and their sense of responsibility for company security vary based on the size of the company they work for. 

Personal device use for work

The larger the company, the less likely remote employees are to use personal devices, such as laptops, smartphones and tablets, for work. Less than half of remote work respondents at companies with 20,000 or more employees said they use personal laptops or smartphones for work. Whereas over half of respondents at smaller businesses said they use personal devices for work.

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

A further look at the types of company data employees are accessing on their personal devices reveals the trend in more detail: customer data, financial records and third-party contracts are accessed on personal devices at a much higher rate by employees at smaller firms than they are by those working at firms with 20,000 or more employees. 

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=243), 5,000 to 19,999 (N=148), and 20,000 or more (N=52) employees who use personal devices for work

However, one trend is ubiquitous no matter the company size: employee use of work devices to access websites for personal purposes. Corporate devices are being used to access personal social media accounts or streaming services, among other activities. 

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=256), 5,000 to 19,999 (N=151), and 20,000 or more (N=58) employees who use employer-provided devices for work

Corporate security guideline adherence 

Survey respondents at firms with 20,000 or more employees self-report less adherence to strictly following best practices with regards to public wifi access and strong passwords than those at smaller firms. In fact, only 16% of respondents at companies with 20,000 or more employees say they strictly adhere to guidance regarding public wifi, and just 20% strictly follow guidelines for setting passwords, compared with 21% and 27%, respectively, of respondents at companies with 1,000-4,999 employees. 

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

When it comes to updating devices, however, more employees at the largest firms claim to do so immediately, as compared with those at firms with less than 20,000 employees. In a prior chart we indicated that employees in the largest subset of companies were also more likely to use employer-provided devices for work.

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

Employees at the largest firms are less likely than those in the middle category of company size to claim that they are aware of corporate cybersecurity guidelines by a margin of -10 percentage points. Yet, those in the largest subset are also least likely to admit that they sometimes ignore cybersecurity policies. 

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

Sense of personal responsibility for company security

Employees at companies in the mid-sized group are less likely to feel responsible for ensuring the security of the devices they use for work. 

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

When it comes to an overall feeling of responsibility for the security of corporate information, employees appear to feel less responsible when their company is larger, as indicated by the fact that employees in the smallest subset of firms were more likely to somewhat or strongly agree that the have a responsibility for the security of the corporate data they access versus those with 20,000 or more employees by a margin of 10 percentage points. In our view, larger companies tend to have more mature cybersecurity programs and controls in place, whereas smaller firms tend to have less controls and rely on employees disproportionally.

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

Conclusion 

As with everything in cybersecurity, awareness is the first step toward remediation. It is important that corporate security personnel take the size of their own organization into account as they consider how employee behavior affects cybersecurity practices and they should pay special attention to their Active Directory security. In addition, given the recent attacks on the software supply chain, it’s worthwhile for security pros to consider these factors when evaluating third-party vendors, especially those they work with on a regular basis. For more insights, read the study, Beyond Boundaries: The Future of Cybersecurity in the New World of Work.

Learn more



Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.