Risky business: Aussie workers' WFH behaviour
Research has highlighted the risky behaviour of employees using company-issued devices. In a global survey by Mimecast, more than 1000 respondents were asked about their use of work devices for personal activities and their awareness of cyber risks. Survey findings highlight the need for better awareness training, as people are clicking on links or opening suspicious emails despite having been trained.
The research found that 73% of respondents globally use their company-issued device for personal matters, with 60% admitting to an increase in frequency since starting to work remote. The most common activities included checking personal emails (47%), carrying out financial transactions (38%) and online shopping (35%).
In comparison, 78% of Australian respondents are using work tools for personal matters more than other nations, with 53% reporting an increase in personal usage during COVID-19. While personal email (53%) and financial transactions (51%) ranked highly locally, social media (40%) was the third most common Australian activity, above shopping (38%).
The State of Email Security 2020 report revealed that personal email and browsing the web/shopping online were already two areas of concern for IT professionals. Approximately 77% of Australian respondents said there was a risk to checking personal emails as the cause of a serious security mistake, and 70% thought surfing the web or online shopping could likely cause an incident.
Findings revealed that 97% of Australian respondents know that links in email, on social media sites and on websites can potentially infect their devices, with 71% of respondents having received cybersecurity awareness training related to working from home during the pandemic — higher than the global average of 64%.
However, this does not translate into putting this knowledge into practice, as 35% of Australian respondents admitted to opening emails they considered to be suspicious, while 38% did not reporting suspicious emails to their IT or security teams.
Josh Douglas, Vice President of Threat Intelligence at Mimecast, noted that while there is a lot of awareness of training offered, most of training content and frequency is ineffective at convincing employees to reduce cybersecurity risks.
“Better training is crucial to avoid putting any organisation at risk. Employees need to be engaged, and trainings need to be short, visual and relevant and include humour to make the message resonate. Awareness training can’t be just another check-the-box activity if you want a security-conscious organisation,” said Douglas.
Almost 60% of workers aged 16–24 globally admitted to opening emails even though they looked suspicious, while young Australians fare better at 50%. Young workers also blurred the lines between their business and personal usage of these devices, with 87% of the Australian 16–24 age group using their issued devices for personal use, while 58% of the 55+ age group admitted the same.
Douglas urged security professionals to ensure their organisation isn’t more exposed as threats evolve to target the unsuspecting.
“With everyone’s home becoming their new office, classroom and place of residence, it’s not really a surprise that employees are using their company-issued devices for personal use. However, this is also a big opportunity for threat actors to target victims in new ways. We’ve seen attacks become more aggressive and the attack surface has expanded due to the new ‘WFH’ or hybrid work environments,” said Douglas.
Australian respondents averaged 2.4 hours of personal activity on their work devices a day (higher than the global average of 1.9 hours), while 30% (compared to 22% globally) clocking more than three hours of non-work-related screen time. Additionally, 78% of men reported using their corporate device for personal businesses, versus 65% of women.
Queensland Rugby League has invested in OneCorporate, a new enterprise software solution from...
EFTPOS has announced the availability of new APIs to enable Australian fintechs to create...
The ACCC has authorised the proposed merger of eftpos with BPAY Group Holding and NPP Australia,...