A new research report from cybersecurity firm Tessian suggests that workers may be more likely to make cybersecurity errors at home because they are more distracted.
The research surveyed two thousand workers split evenly between the UK and US, and it was conducted in April at the height of coronavirus lockdown, when many people continued to fulfil their work duties from home.
Some 43% of respondents reported making an error that had cybersecurity repercussions, particularly among younger workers. The report speculates that this may be because older generations are less likely to report errors and risk losing face, highlighting a need to remove any stigma that may result from reporting security errors. A quarter of respondents also admitted to clicking a link in a phishing email, while 58% said they had sent an email to the wrong person, sometimes resulting in the loss of a customer for a business.
Distraction seems to be a major cause of this, with 47% of respondents citing it as the main cause of being fooled by a phishing campaign and 41% indicating it as the primary reason for sending an email to an incorrect recipient.
While distraction can occur both at home and in the office, more than half (57%) of respondents reported being more distracted at home when working. With home working still playing a part in the social distancing measures of some organisations and the practice set to continue to some extent even after the health crisis is resolved, this flags up potential security concerns for the future. While this may cause some to reconsider the value of home working, the report suggests taking action in other areas instead.
In the report’s conclusion, the authors suggest that a combination of training employees, establishing policies, and implementing cybersecurity technologies may be the best approach for organisations to remedy the situation:
“To successfully prevent mistakes from turning into serious security incidents, businesses have to take a more human approach. They need to take the burden of security away from employees and empower them to work—however and wherever they want—in a safe way. Training and policies help. However, combining them with machine intelligent security solutions that automatically alert individuals of potential threats in real-time and explain why the email they are about to send or have received is a risk, is more powerful in preventing mistakes before they turn into breaches.”
At Pro-Networks, we understand the importance of combining technology, training and compliance in our office IT support services to achieve a comprehensive cybersecurity strategy. While technologies like firewalls and anti-malware are essential to securing your networks, these need to be complemented with training to support the human element. When staff are adequately empowered, they can detect potential attacks even when they are distracted by events at home or in the office. This can also be enhanced by standards compliance, which brings about clear guidance for how to work safely and effectively.