Untrained employees with poor security habits pose a major risk to their employers, according to Ciara O’Brien at the Irish Times. O’Brien cites recent research conducted by Amarach on behalf of Microsoft.
The researchers surveyed more than 700 employees at large Irish organizations. They found that nearly half of those employees hadn’t received security training in the past twelve months. 44 percent of those surveyed said they recycle passwords, and just 16 percent had changed their passwords in the past year.
Researchers also found that a third of employees used personal email accounts to store customer information, and 24 percent admitted to accidentally sharing work-related material with their friends or family. O’Brien notes that this could lead to GDPR violations for any company with customers who are EU citizens.
"36 percent of people backed up data to USB drive"
More than a third of employees also said they had connected a non-work storage device to their work device. Des Ryan, Microsoft Ireland Solutions Director, says this finding was particularly alarming. “Data is now a major differentiator for people,” he said. “The fact that 36 percent of people backed up data to USB drive, etc., is really scary. Where are they moving it to?”
Meanwhile, 44 percent of respondents said they’d experienced phishing, cyber fraud, and other cyberattacks that bypassed their organizations’ technical defenses. In the face of relentless social engineering and cyberattacks, organizations need to ensure that their employees have good security habits. New-school security awareness training can dramatically improve your organization’s security posture.
The Irish Times has the story: https://www.irishtimes.com/business/technology/employees-are-major-risk-to-employers-cyber-security-study-finds-1.3797153