The lack of discipline of French teleworkers
At a time when telework has become an almost usual practice in the professional sector, failures continue to be observed.
On this point, a study was conducted by an Israeli cybersecurity company called CyberArk. A study that highlighted unsavory practices of workers of French origin. Behaviours that are likely to endanger the very safety of a remote chain of collaboration.
This article will also interest you: The safety of teleworkers, a priority that still needs to remain
"Ordis pros used for leisure, personal computers for work, passwords reused… Ten minutes of illegal streaming on your business computer, and at the key, months of access to the company network for a hacker … This risk is very real as the French, who have rushed into telework with confinement, have become very bad computer habits" wrote Damien Licata Caruso, AN IT journalist.
According to the data collected by the study, only 56% of French people who switched to telecommuting received a laptop or other secure computer equipment to enable it to work remotely. This is well below the standard in the United States, which is 87% for the rate of equipment of employees in computer equipment for telework or for Great Britain, which rises by up to 90%. One third of employees in telework use the computer intended for work for leisure activities, to carry out online shopping, download homework for their children.
In fact, 29% of respondents admitted that they often used professional equipment for personal activities at home. These problems related to the diversion of equipment's purposes seem much more French. In Germany, for example, 84% of employees have shown that they refuse to do so. Of course, we must count on the consequences that can prove very damaging for the company in the long term. "There are already the classic risks of email phishing or personal password theft, but hackers can also install a "keylogger" (a taped keylogger) from a site or questionable application to retrieve an employee's business IDs," warns CyberArk's Director of Pre-Sales and Professional Services. Jean-Christophe Vitu.
It is enough to have cracked the access point, to allow cyber criminals to break into a company's system. These accesses can vary between compromising professional hardware from a poorly protected connection. In any case, the danger is on the side of the company. And this is due to the fact that the majority of employees surveyed (85%) confirmed that they have logged on to the company's remote network at least once with their personal device. Generally, IT security professionals tend to describe this as an increase in the attack area. Because the tools used are mostly not compatible with the security policy defined by companies to the security experts. This is not likely to facilitate their work.
The positive in all this is the use of VPN network by nearly 62% of French employees. Situation that must be admitted, limit has greatly the potential damage, with the more or less important security of remote connections. "But even companies that took the time to install VPNs on their employees' jobs have been the target of cyberattacks," recalls Jean-Christophe Vitu. As if to say that it is not enough yet. And the cause of this vulnerability would be largely the bad mania, employees to reuse passwords already used for other accounts. This was confirmed by 89% of employees surveyed. They did recognize that they used the same password for different accounts and devices. This means that it is enough that the cybercriminal manages to hack into a single account to have access to all the others not to mention devices that are protected by the same password.
According to a study led by the cybersecurity firm Sophos, a very large part of French companies have noted and that the cause of the ransomware attacks since the beginning of the year was largely due to the recovery of an employee's passwords, used accordingly, by cyber-prisoners to access the company's computer system and conduct their operations.
Now access an unlimited number of passwords: