One key reason employers want to get employees back in the office is to enforce better security controls. A new report makes employers’ motivation clear: Nearly half (48%) abandon security protocols when working from home (WFH). But employers may not be able to drive employees back into the workplace. They may need to adopt WFH security best practices instead.

The news on employee WFH behavior only gets worse. An overwhelming majority (91%) of IT leaders trust their staff to do the right things. But “over half of employees (52%) believe they can get away with riskier behavior when working from home.”

Further, much of the risky behavior is deliberate. While 48% readily admit that “not being watched by IT” is their reason to ditch company security practices, a whopping 54% will find workarounds if security policies impede their work.

Tessian’s Tim Sadler

“Businesses have adapted quickly to the abrupt shift to remote working. The challenge they now face is protecting data from risky employee behaviors as working from home becomes the norm. Human error is the biggest threat to companies’ data security, and IT teams lack true visibility of the threat,” said Tim Sadler, CEO and co-founder of email security firm, Tessian.

There are regional differences in risky behaviors at home, too. For one thing, American workers tend to be laxer on security rules than their counterparts across the pond. According to the report, U.S. employees are more than twice as likely as U.K. workers to send emails to the wrong person (72% vs. 31%). And U.S. workers are twice as likely as U.K. workers (45% vs. 23%) to take company documents with them when they quit.

Industry Consensus

Tessian isn’t the only company noting the swing in security threats caused by employees working from home.

An nCipher Security and Ponemon Institute study found that over half (54%) of business leaders consider their employees the biggest security threat, followed by hackers (29%) and malicious insiders (20%).

nCipher Security’s John Grimm

“As the world goes digital, the impact of the global pandemic highlights how security and identity have become critical for organizations and individuals both at work and at home,” said John Grimm, vice president of strategy at nCipher Security.

The problem is likely to compound rather than resolve after the pandemic passes.

Abine’s Rob Shavell

“While employers may want to accommodate long-term flexible work arrangements, most companies are not prepared for the serious security risks associated with managing a remote work force,” said Rob Shavell, CEO of Abine, an online privacy provider.

Despite the risks, companies are not likely to pass on the benefits a WFH workforce provides, however.

According to data acquired by Atlas VPN, because of the productivity boost and reduction in expenses, “U.S. companies can save $4.5 trillion by letting their employees work remotely.” The flexibility WFH provides to workers also aids companies in their hiring and talent retention efforts.

Atlas VPN found that 99% of workers would like a chance to work remotely at least part-time. This makes WFH security best practices even more critical. Further, “being able to work from home is the critical factor for 70% of people looking for a new job.”