After working from home for months, Britons have developed lax cyber security habits, using their work equipment to shop online, check their social media or forgetting to log themselves out of applications once they’ve stopped using them, according to a cyber security product company’s survey.
Mimecast found that most, 63pc of Britons use their personal devices to access the corporate network. As the lines between their personal and professional lives blur, almost 60pc forward personal emails to their professional ones. And almost half open attachments from unknown sources (49.4pc) or click on links in emails from unknown sources (47.1pc). Three in four IT people surveyed say that they are witnessing cybersecurity issues once a month or more – and 20pc of them admit occurrences happen more than once a day.
Email remains the first source of cybersecurity issues: 42pc of IT surveyed acknowledge most cybersecurity incidents start with an employee clicking on a malicious link in an email. As hackers become more sophisticated, these emails may mimic an internal source. As the cyber firm says, it’s becoming a challenge to identify whether a source is legitimate or not for employees who may not have seen their colleagues since March.
Cybersecurity awareness within an organisation varies between divisions – with the main culprits for poor cybersecurity hygiene often being the ones who manage the highest volume of emails. Those surveyed rank risk and compliance as the most trustworthy division for cybersecurity; then the finance department which has long been a hacker’s favourite target. Those surveyed – 500 in IT in small, medium and large companies in the UK; in May – see marketing and communications as the worst offenders for cybersecurity, followed by design, and HR and training.
Many organisations had to make remote working policies in a hurry to respond to the lockdown. Yet, those in the survey are confident this has helped their workforce to become more mindful of cyber security: eight out of ten believe their company will be better prepared to cope with disruption, and that employees will have better cyber hygiene.
Francis Gaffney, Director of Threat Analysis at Mimecast says: “The COVID-19 pandemic has had a massive impact on businesses across the country, making it difficult for many to function as they usually would. With offices forced to close overnight, many workforces were working remotely for the first time. This obviously had major implications for cybersecurity, as IT had limited visibility into employee habits.
“This research is particularly worrying because it shows that UK employees are failing to follow basic cybersecurity best practises, which can have huge repercussions for businesses both financially and from a reputation perspective. Now is the time to prioritise cyber hygiene awareness training to ensure employees returning to the office will be proficient in keeping the business secure.”
