Workers 'happy' to open suspicious emails

Mimecast has released new research which highlights the risky behavior of employees using company-issued devices.

  • 4 years ago Posted in
More than 1000 global respondents were asked about their use of work devices for personal activities and how aware they are of today’s cyber risks. The results highlighted the need for better awareness training, as people are clicking on links or opening suspicious emails despite having been trained.

 

Earlier this year, an urgent request for IT teams across the globe was to ensure the efficient issuance of laptops and other computing devices to employees, as much of the workforce started working remote due to the novel coronavirus pandemic (COVID-19). A key priority for IT professionals was to then ensure their IT and security policies where ready for the rush to remote work.

 

The Blurring of Personal and Professional Life

 

Mimecast’s research found that 73% of respondents extensively use their company-issued device for personal matters, with nearly two-thirds (60%) admitting to an increase in frequency since starting to work remote. The most common activities were checking personal email (47%), carrying out financial transactions (38%) and online shopping (35%). According to the State of Email Security 2020 report, personal email and browsing the web/shopping online were already two areas of major concern for IT professionals. Seventy-three percent said there was a risk to checking personal email as the cause of a serious security mistake, and 69% thought surfing the web or online shopping could likely cause an incident.

 

Awareness Training Doesn’t Always Mean Correct Behavior

 

Encouragingly, 96% of respondents claim to be aware that links in email, on social media sites and on websites can potentially infect their devices. Sixty-four percent have even received special cybersecurity awareness training related to working from home during the pandemic. However, this doesn’t always translate into putting this knowledge into practice. Nearly half (45%) of survey respondents admitted to opening emails that they considered to be suspicious. The same percentage admitted to not reporting suspicious emails to their IT or security teams. The research also highlights themes of a strong disconnect in certain countries. The US and UAE both had the majority of respondents (78% and 81% respectively) stating that they’ve had special awareness training this year, yet 60% (USA) and 61% (UAE) still opened emails they considered to be suspicious.

 

“This research puts a spotlight on the fact that while there’s a good amount of awareness training being offered, the type of training or the frequency is completely ineffective,” said Michael Madon, senior vice president of awareness training and threat intelligence. “With everyone’s home becoming their new office, classroom and place of residence, it’s not really a surprise that employees are using their company-issued devices for personal use. However, better training is crucial to avoid putting the company at risk. Employees need to be engaged, and trainings need to be short, visual, relevant and include humor to make the message resonate. In fact, Mimecast has found that end-users who have taken Mimecast Awareness Training are 5.2 times less likely to click on dangerous links. Awareness training can’t be just another check-the-box activity if you want a security conscious organization.”

 

The Younger Generation Can Be an Organization’s Greatest Risk

 

Despite being the most tech savvy generation, younger works may be putting organizations at greater risk. Surprisingly almost 60 percent of the 16-24 age group admitted to opening emails even though they looked suspicious. This group is also more guilty of blurring the lines between their business and personal usage of these devices. Seventy-nine percent of the 16-24 age group reported using their issued devices for personal use, while only 42% of the older - 55+ - group admitted the same.

 

Respondents averaged 1.9 hours of personal activity on their work devices a day, with almost a quarter (22%) clocking more than 3 hours of non-work-related screen time.

 

The research revealed how habits differ between males and females and in different age groups. Seventy-eight percent of men reported using their corporate device for personal business versus 65% of women.

 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...