Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

New Data Reveals Company Size May Be Tied To Remote-Worker Cybersecurity Practices

Employees at the largest firms are least likely to adhere to wifi and password security guidelines.

The security of a company is often in the hands of the employees who access its data day-to-day. New data from a global study commissioned by Tenable and conducted by Forrester Consulting reveals that remote employees’ use of personal devices, their adherence to security guidelines and their sense of responsibility for company security vary based on the size of the company they work for. 

Personal device use for work

The larger the company, the less likely remote employees are to use personal devices, such as laptops, smartphones and tablets, for work. Less than half of remote work respondents at companies with 20,000 or more employees said they use personal laptops or smartphones for work. Whereas over half of respondents at smaller businesses said they use personal devices for work.

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

A further look at the types of company data employees are accessing on their personal devices reveals the trend in more detail: customer data, financial records and third-party contracts are accessed on personal devices at a much higher rate by employees at smaller firms than they are by those working at firms with 20,000 or more employees. 

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=243), 5,000 to 19,999 (N=148), and 20,000 or more (N=52) employees who use personal devices for work

However, one trend is ubiquitous no matter the company size: employee use of work devices to access websites for personal purposes. Corporate devices are being used to access personal social media accounts or streaming services, among other activities. 

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=256), 5,000 to 19,999 (N=151), and 20,000 or more (N=58) employees who use employer-provided devices for work

Corporate security guideline adherence 

Survey respondents at firms with 20,000 or more employees self-report less adherence to strictly following best practices with regards to public wifi access and strong passwords than those at smaller firms. In fact, only 16% of respondents at companies with 20,000 or more employees say they strictly adhere to guidance regarding public wifi, and just 20% strictly follow guidelines for setting passwords, compared with 21% and 27%, respectively, of respondents at companies with 1,000-4,999 employees. 

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

When it comes to updating devices, however, more employees at the largest firms claim to do so immediately, as compared with those at firms with less than 20,000 employees. In a prior chart we indicated that employees in the largest subset of companies were also more likely to use employer-provided devices for work.

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

Employees at the largest firms are less likely than those in the middle category of company size to claim that they are aware of corporate cybersecurity guidelines by a margin of -10 percentage points. Yet, those in the largest subset are also least likely to admit that they sometimes ignore cybersecurity policies. 

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

Sense of personal responsibility for company security

Employees at companies in the mid-sized group are less likely to feel responsible for ensuring the security of the devices they use for work. 

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

When it comes to an overall feeling of responsibility for the security of corporate information, employees appear to feel less responsible when their company is larger, as indicated by the fact that employees in the smallest subset of firms were more likely to somewhat or strongly agree that the have a responsibility for the security of the corporate data they access versus those with 20,000 or more employees by a margin of 10 percentage points. In our view, larger companies tend to have more mature cybersecurity programs and controls in place, whereas smaller firms tend to have less controls and rely on employees disproportionally.

Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021. Base: Full-time employees working from home three or more days a week for organizations with 1,000 to 4,999 (N=261), 5,000 to 19,999 (N=157), and 20,000 or more (N=61) employees

Conclusion 

As with everything in cybersecurity, awareness is the first step toward remediation. It is important that corporate security personnel take the size of their own organization into account as they consider how employee behavior affects cybersecurity practices and they should pay special attention to their Active Directory security. In addition, given the recent attacks on the software supply chain, it’s worthwhile for security pros to consider these factors when evaluating third-party vendors, especially those they work with on a regular basis. For more insights, read the study, Beyond Boundaries: The Future of Cybersecurity in the New World of Work.

Learn more



Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training