Britons have developed lax cyber security habits, using their work equipment to shop online, check their social media or forgetting to log themselves out of applications once they’ve stopped using them.
That’s according to research from Mimecast, which says businesses should capitalise on the phased return to the office to implement stringent training and improve cybersecurity awareness among their workforce.
The results of the survey, it says, are damning:
- 63% of Britons use their personal devices to access the corporate network
- As the lines between their personal and professional lives blur, almost 60% forward personal emails to their professional ones
- Almost half open attachments from unknown sources (49.4%) or click on links in emails from unknown sources (47.1%)
Mimecast says these bad practices result in more cybersecurity incidents across businesses, with three in four IT leaders witnessing cybersecurity issues once a month or more – more worryingly, 20% of them admit occurrences happen more than once a day.
Email remains the first source of cybersecurity issues: 42% of IT leaders acknowledge most cybersecurity incidents start with an employee clicking on a malicious link in an email. As hackers become more sophisticated, 30% admit that these emails mimic an internal source, increasing the challenge to identify whether a source is legitimate or not for employees who may not have seen their colleagues since March.
Cyberhygiene varies widely between divisions
To add to this constant headache for IT leaders, the level of cybersecurity awareness within the organisation varies widely between divisions – with the main culprits for poor cybersecurity hygiene often being the ones who manage the highest volume of emails.
IT leaders rank risk and compliance as the most trustworthy division when it comes to cybersecurity, closely followed by the finance department. The latter has long been a hacker’s favourite target as one small mistake can provide access to the company’s financial information and result in a dip in revenue.
While the guarantors of the company’s financial health are among the most vigilant when it comes to cybersecurity, those responsible for its reputation could use a refresher: IT leaders see marketing and communications as the worst offenders when it comes to bad cybersecurity practices, followed by design and HR & training.
Many organisations had to implement large-scale remote working policies in a hurry to respond to the lockdown. Yet, IT leaders are confident this has helped their workforce to become more mindful of cybersecurity: eight out of ten believe their company will be better prepared to cope with disruption, and that employees within their organisation will have better cyber hygiene moving forward.
Francis Gaffney, Director of Threat Analysis at Mimecast, said: “The COVID-19 pandemic has had a massive impact on businesses across the country, making it difficult for many to function as they usually would. With offices forced to close overnight, many workforces were working remotely for the first time. This obviously had major implications for cybersecurity, as IT had limited visibility into employee habits. This research is particularly worrying because it shows that UK employees are failing to follow basic cybersecurity best practises, which can have huge repercussions for businesses both financially and from a reputation perspective. Now is the time to prioritise cyber hygiene awareness training to ensure employees returning to the office will be proficient in keeping the business secure.”