We’ve known that employees are the weak link in security. In fact, we have been cautioning organizations for quite some time regarding the risks their employees pose when not properly trained. Despite heightened awareness of these risks, recent research from Microsoft suggests that employees remain the weak link, posing huge risks to their organizations.
A combination of poor habits is to blame for employee risks, some of which are not entirely the fault of those individuals. According to the research, the lack of security awareness training, poor password security, and accessing/storing data on personal devices are a major cause for concern.
Nearly half of all survey respondents stated they had received no security training in the last twelve months.
As far as password security, 44% of survey respondents admitted to reusing passwords, 22% stated they write their passwords down, and only 16% of respondents have updated their passwords in the past 12 months.
The problem of utilizing personal devices also proved to be concerning. 36% of respondents have utilized devices that contain non-work-related data on their work device (USB drives for example). 12% also connected backup devices and 5% connected smartphones that did not belong to them.
Other noteworthy findings from the research conducted by Amarach on behalf of Microsoft:
- One-third of respondents stated they are using their personal email accounts for storage of work-related data.
- 24% of remote workers admitted to accidentally sharing work-related materials to their family and friends.
- 30% of surveyed employees stated they have been notified about a breach of their personal data.
- 44% of respondents have experienced problems with phishing, hacking, cyberfraud, or other cyber attacks.
This research was conducted by surveying 700 employees working in large Irish organizations and highlights the dangers organizations face, especially when it comes to data loss. Organizations must remain diligent in educating their employees and creating a healthy cybersecurity culture to avoid data loss, or potentially, dealing with the repercussions of a data breach.