Three Reasons Poor Employee Security Habits Expose Public and Private Sector Organisations in Ireland
Kevin Mitnick, the famous hacker once said, “What I found personally to be true was that it’s easier to manipulate people rather than technology.”
Digital transformation is enabling and transforming organisations, driving everything from employee productivity, to the ability to be able to work remotely. However, in the drive to transform, Irish organisations are leaving themselves vulnerable to major security risks that can lead to data and revenue loss as well as significant damage to a company’s reputation. They forget to keep their employees up to date in terms of security training and awareness.
Microsoft Ireland today launched research on security within public and private sector organisations across the island of Ireland to get a better understanding of the security habits of employees within Ireland’s largest organisations. The research looked at what gaps were emerging that could be exploited by hackers or lead to a data breach.
- Poor password hygiene could lead to a payday for Cyber criminals
One major finding is that passwords have become too easy to guess or steal. Nearly a quarter (22%) of Irish employees write down their passwords, with 77% of employees relying on their memory for their work and personal passwords.
When it comes to password hygiene, 2 in 5 recycle both their work and personal passwords. The study also found that people do not update passwords regularly, with only half of respondents claiming to update their passwords only once a year or less.
With employees using the same weak passwords across dozens of different accounts across their work and home life, a stolen password could be hugely lucrative for criminals. One way to combat this is through biometric verification, which 3 in 5 employees would welcome as an alternative to workplace passwords.
- Employees working from home are more likely to engage in risky security activities
Improved workplace technology and more reliable broadband speeds have made working from home more accessible than ever. While the ability to be more flexible in the workplace has been welcomed by many, the research discovered that employees working from home are much more likely to engage in risky security activities.
Nearly half (49%) of those working from home at least once a week used their personal email account for saving, editing, sending, or sharing work-related documents, with 24% revealing that they accidentally shared work-related material with friends and family.
A quarter of those working from home at least once a week admit to having friends or family access work devices at home, which may violate data policies from their organisation. This is concerning when 56% of respondents reported they work from home, and almost half of these have no restrictions on document access when working from home.
Another worrying finding for Irish organisations is that 25% of those surveyed admitted plugging a USB thumb drive that wasn’t from their company into their work device, 12% connected back-up drives, and 5% connected a smartphone that didn’t belong to them. This increases the chances of employees compromising their identity – with Microsoft previously reporting that 81% of major data breaches last year could be traced back to this issue alone.
- Many have already fallen victim to hackers
With the research pointing to several areas of potential vulnerability for organisations it is unsurprising to learn that 30% of employees surveyed have been notified about a breach of their personal data. As well as this, 44% have experienced problems with phishing, hacking, cyberfraud or other cyberattacks happening in either their personal and professional lives.
As in the popular TV show, Mr Robot, the Hacker Elliot Alderson concluded that “humans make the best exploits” so organisations failing to factor employee behaviour into their security strategy could see security plans fail.
As part of its on-going efforts to drive better security for organisations, Microsoft invests $1bn each year in security, it analyses more than 6.5 trillion signals daily, processes 630 billion authentications monthly, and scans 470 billion e-mails for malware and phishing monthly.
In addition, Microsoft has launched two new security solutions – Microsoft Identity & Threat Protection and Information Protection & Compliance to help companies achieve their security and compliance goals.
Microsoft offers security products to both private and public sector organisations, leading with Microsoft 365 E5 which provides customers with the most extensive productivity and advanced security solutions. To answer the growing need for security and compliance solutions in an age of increasingly sophisticated cybersecurity threats, as well as complex information protection needs due to regulations like GDPR, Microsoft has now launched two new identity and compliance solutions, called Microsoft Identity & Threat Protection and Information Protection & Compliance, designed to provide customers with simpler purchase, deployment, and adoption. They are based on the Intelligent security Graph, which continuously provides the latest information about cyber security attacks and provides “up to date” security. Click here for more information about Microsoft’s security solutions.
Des Ryan
Director of Specialist Technology Units