Remote Workers Encounter 8 Risky URLs per Day, New Research Shows


Level 6
Oct 1, 2019
Given enough time, employees – especially those working remotely – will click on a link to a potentially dangerous website. But how much time? According to recent data, less than an hour.

Employees access 8.5 risky URLs per day, or 59 per week, according to NetMotion researchers. That would be more than once per hour in an eight-hour workday.

Amid work-from-home orders associated with the pandemic, NetMotion wanted to answer one question: do workers pose a greater cybersecurity risk at home than at the office?

The firm recently aggregated anonymized network traffic data from May 30 to June 24, seeking evidence of users attempting to access risky content, like URLs that would be blocked by firewalls and other corporate security tools that monitor internal network traffic.

The analysis revealed that employees clicked on 76,440 links that took them to potentially dangerous websites, all visited on work-assigned devices while using either home or public Wi-Fi or a cellular network connection.

The data also revealed the most common types of high-risk URLs encountered. In order of prevalence, these were: botnets, malware sites, spam and adware, and phishing and fraud sites. Many, if not most, of these remote workers would have been prevented from accessing this risky content had they been connected to protected internal (non-public) networks.

Other key findings include:
  • Employees, on average, encounter 8.5 risky URLs per day, or 59 per week
  • Remote workers also access around 31 malware sites per month, and 10 phishing domains
  • Almost 1 in 5 risky links led to sites containing spam, adware or malware
  • Phishing and fraud, which garner an outsized proportion of news, account for only 4% of URLs visited
Researchers caution that many organizations have no visibility into activity taking place on external networks, let alone the means to prevent it.

One explanation for that last finding could be that, despite ranking low among risky websites, it takes just one unwary employee to follow through with the devious content inside a phishing email. Lest we forget, phishing, whaling and business email compromise (BEC) campaigns remain highly successful in gaining initial foothold in an infrastructure.
  • Like
Reactions: SecurityNightmares

John Lennon

New Member
Dec 13, 2018
These days when almost all of us are working from home, the risk of cyber attacks has increased immensely one of them being corporate account takeover attack (CATO). Even WHO reported that the email addresses and passwords of some of its top employees were compromised in April. Not only this, since the pandemic the number of cyberattacks have sky rocketed all across the globe.

The cyber criminals can manipulate people into sharing their credentials through phishing attacks or brute force attacks, or man in the middle attack etc. It has become imperative for organisations to train their employees into not giving into such attacks as they can exploit financial stability as well as reputation of the account holder.

Apart from training employees for maintaining cyber security, enterprises must also adopt various precautions in their system like , passwordless login or instant login, multi factor authentication, risk based authentication, consent management, security and compliance, data management etc.

To prevent loss of finances, customer trust and brand image, it is necessary for enterprises to ensure proper security. Here is an article I read on the same topic which I think might be useful. I am posting its link below.