While the threat of cyberattacks continues to increase, professionals are as affected as individuals. However, many workers still have risky practices without realizing it, demonstrates a survey led by OpinionWay for Lockself, a IT security Saas dedicated to businesses.
Risk behaviors
94 % of employees believe that cybersecurity in business is everyone’s business. However, the study reveals a multitude of risky behaviors, which employees adopt without really taking on the scale of the threat. They are, in fact, 64 % to consider the digital risk of their practices as low or zero, a figure which climbs to 43 % in those under 35 years old.
Thus, 49 % of interviewees use their professional tools (computer, telephone, etc.) for personal purposes, while 63 % use the same identifier or password for several professional accounts. Likewise, 61 % of employees have already used an email address or a wetransfer type service to share a document. However, these solutions are generally unsecured; Anyone can intercept them and access potentially sensitive information.
The management of passwords also raises a question. 30 % of employees use personal or easily advinated information (such as their date of birth or the name of a loved one) To secure their professional accounts. Worse, 27 % recognize using low passwords, made up of figures or without special characters.
Double factor authentication, however essential to strengthen security, is only adopted by 31 % of them. A disturbing statistic, especially since 39 % of employees admit to share their professional passwords with colleagues. This habit is even more widespread in small businesses, reaching 52 % in structures of 20 to 49 employees, compared to 30 % in large companies with more than 1,000 employees.
A lack of business training
An observation which highlights the urgency of strengthening good practices in terms of business cybersecurity. All the more The development of hybrid work and telework for five years has worsened the threatemployees using their less secure personal devices.
The study also highlights a lack of blatant training. Almost half of employees (46 %) has never received a training in digital threats, a proportion that climbs to 68 % in companies with less than 20 employees. The gap is also notable between the sexes: 51 % of women say they have never been trained, against 41 % of men.
Among those who have benefited from training (54 % of employees), a quarter received it that more than a year ago, thus reducing its effectiveness in the face of new cyberrencies. Hence the need to provide reminders, but also to adjust training. “” The threats are constantly evolving, making it essential to update the knowledge of employees. It is therefore essential to set up suitable and lasting training plans, taking into account different levels of maturity and requirement depending on the team. This investment is crucial to anchor good cybersecurity practices permanently “, Continues the expert.
Note that in terms of training, companies with 50 to 259 employees and those with more than 1,000 employees are the best students, unlike the smallest structures, where training initiatives remain limited.
All companies are concerned
However, all companies, whatever their sizes, are affected. “” Small businesses are particularly vulnerable to mass cyber attacks, often due to insufficient security. Conversely, the larger a business, the more it may be targeted by targeted attacks. The latter are increasingly passing through rebound attacks: hackers attack the suppliers or SME/TPE customers, less protected, then reaching their main target, often a large company. A phenomenon that pushes to strengthen cybersecurity regulations Summarizes Pierre Randget.
Phishing is a major threat to business. 46 % of employees still admit click on questionable links in their professional emails. Similarly, 44 % download files without checking their provenance, facilitating the infiltration of malware. A worrying paradox, while 94 % of respondents say they can recognize a fraudulent email.
These risky behaviors are particularly marked in those under 35. 35 % of them download attachments without verification (compared to 17 % of 35-49 year olds and 12 % of the over 50s). In addition, 30 % click on without precaution, compared to 18 % of 35-49 year olds and 16 % of the older ones.
Simple and integrated tools in the working environment
In addition to training, other practices must absolutely be implemented by companies. The lack of simple and integrated tools in the working environment is a major obstacle to the adoption of good cybersecurity practices. Sensitizing employees of risks is essential, but it is still necessary to provide them with suitable solutions, such as plugins, to change their habits without wasting too much time.
“” Without secure tools for sharing or managing passwords, training alone is not enough. Conversely, set up tools without support and pedagogy limits their adoption and efficiency “Concludes the leader.
By: Bitdefender
