Finn Partners Research, the research arm of global marketing and communications firm Finn Partners, today released findings from its Cybersecurity at Work study that examined the level of cyber risk that employees pose to their organizations.
The in-depth study, which surveyed 500 full-time office employees across the U.S., found that nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize. This security slip-up is significant due to the installation of malware on their devices and the harvesting of sensitive corporate data.
Resulting from the societal BYOD (bring your own devices) trend, the study shows that more than half of employees (55 percent) are using their personal devices for work, which directly impacts increased vulnerability to hackers, malware and data breaches. In addition, only 26 percent of employees change their login credentials and/or passwords for personal and work applications at least once a month.
“The fastest and easiest way for bad actors to gain access to sensitive organizational data is for employees to click on nefarious links – we know that around 40 percent of our workforce is engaging in such behavior,” said Jeff Seedman, senior partner at Finn Partners who leads the firm’s U.S. cybersecurity specialty group. “Employees often assume their personal devices are secure, but then neglect to update their software regularly or put any protection policies in place. This is a serious problem, especially if a device loaded with company data gets lost, stolen or hacked.”
Cyber hygiene training is infrequent and inconsistent
Only 25 percent of employees said they receive “cyber hygiene” training on a monthly basis from their IT team. Cyber hygiene refers to the updating of operating systems on devices, checking for security patches, and changing passwords.
29 percent receive quarterly training;
19 percent receive bi-annual training;
23 percent receive annual training
“While 31 percent of respondents have already been a victim of a breach or attack, the behavior patterns to elicit security breaches remain,” said Jodi Brooks, managing partner and tech practice lead at Finn Partners. “The opportunity to invest and increase the cadence of security vulnerability training in our organizations is vital. It is no longer sufficient for organizations to roll out annual security trainings on the latest vulnerabilities.”
The Finn Partners Research survey was completed in June 2018 and included 500 respondents located in the U.S. who hold full-time positions in an office environment with more than 100 employees. You can read the complete Cybersecurity at Work report here.