Cyber-attacks and data breaches are likely to become more frequent, as businesses have underestimated the impact the pandemic has had on their vulnerability. That’s according to a recent report.
A survey by security firm Tessian discovered that:
- 56% of senior IT technicians believe their employees have picked up bad cyber-security habits while working from home
- 39% of employees admitted that their cyber-security practices at home were less thorough than those practised in the office
- 1 in 3 employees think they can get away with riskier security behaviours when working remotely
- 40% of the employees surveyed said that they planned to bring their personal device into the office to work on
- 54% of IT decision-makers are worried remote workers will bring infected devices and malware into the office
- 27% of workers are afraid to tell IT they’ve made a security mistake.
The problem with email
According to the report, one of the biggest data security risks was employees moving company data to personal e-mail accounts. And 40% of the employees surveyed said that they planned to bring their personal devices into the office to work on.
The security risks associated with emails are all too familiar. ICO figures[1] reveal that misdirected email (392 reports) is a more significant issue than phishing (215 reports) and ransomware (141 reports).
Email security breaches can come in many forms. For example:
- misspelling an email address and sending it to the wrong person
- not using the bcc functionality when sending to multiple recipients
- attaching the wrong information to an email
- using un-secure personal devices/accounts to send sensitive information
- falling for phishing emails.
Our opinion
Commenting on the report, head of data breach, Kingsley Hayes said:
“The last few years have thrust the issue of data protection into the spotlight. Especially as we all exploited technology to find ways to work and connect amidst the coronavirus pandemic.
“Of course, the challenges of an at-home workforce and an increased reliance on remote technology comes with additional risk. I have also spoken about the potential for increased human error due to heightened employee stress. But, despite the possible consequences – which can include business disruption, reputational damage, huge fines, and consumer claims – too many organisations failed, and are still failing, to take data protection seriously. The latest findings show that this is a ticking timebomb.
“As a matter of urgency, organisations must do more to ensure the security of the devices being used for work on a remote basis. Training is also essential to ensure that employees know how to navigate the risks, and that they understand the consequences of poor data security practices. Especially as working from home – or at least flexible/hybrid working – is set to become the norm from many even after the current pandemic is past.”
[1] Quarter 3, Financial Year 2020/21
