The coronavirus made it more likely that employees would make cybersecurity mistakes, according to new research.
Having surveyed 1,000 workers in the UK and 1,000 workers in the US at the height of the coronavirus outbreak in April, email security firm Tessian, showed how stress, distraction and workplace disruption can cause people to make more mistakes at work.
In fact, the researchers found that 43% of employees have made mistakes resulting in cybersecurity repercussions for themselves or their company.
The research also found that these mistakes could have big consequences, with 20% of businesses having lost customers as a result of mistakenly sending an email to the wrong person. Worringly, this was a mistake 58% of admitted to have done. A further 10% said they’d lost their job after sending an email to the wrong person.
Worryingly, one in four said they’d clicked on a link in a phishing email at work. Interestingly, workers in the tech industry were the most likely to click on links in phishing emails, with 47% in the sector admitted to having done so.
When analysing why these mistakes happen, being distracted came out on top with 47% of respondents cited distraction as the top reason for falling for a phishing scam, while 41% said this was why they had sent an email to the wrong person. With 57% of workers admitting they’re more distracted when working from home, Tessian’s report suggests the sudden shift to remote-working this year could open employees and businesses up to even more risks caused by human error.
“Cybersecurity training needs to reflect the fact that different demographics use technology and respond to threats in different ways and that a one-size-fits-all approach to training won’t work,” said Tim Sadler, CEO and co-founder of Tessian. “It is also unrealistic to expect every employee to spot a scam or make the right cybersecurity decision 100 per cent of the time, especially during these uncertain times.
“To prevent simple mistakes from turning into serious security incidents, businesses must prioritise cybersecurity at the human layer. This requires understanding individual employees’ behaviours and using that insight to tailor training and policies to make safe cybersecurity practices truly resonate for each person.”
Copyright © 2018 RegTech Analyst
