Study reveals more work needs to be done to combat workplace cybersecurity threats

New report examines the readiness of the workforce against the backdrop of rising cyber-threats and how more complex security measures are required to combat threats.

Our new report examines the readiness of the workforce against a range of cybersecurity risks, with data showing that cybersecurity threats are on the rise and set to cost the economy trillions of dollars.

We surveyed 1,000 US-employed respondents across the country to find out how prepared employees are for this technological change, with the range and quantity of threats likely to increase in the coming years.

Workers admit to questionable cybersecurity behavior

We asked employees a series of questions to see which behaviors they admit to in order to establish how widespread problems are.

The study found that large portions of the population are not following best practices when it comes to online safety.

Almost half of those in employment (46%) admit to using the same password across multiple platforms, risking widespread issues should their password be compromised.

Many are also falling for common phishing tactics, including opening unverified documents (18%) and clicking on unverified links (20%).

Common cybersecurity problems (% who admitted to doing this)

1. Used the same password for multiple platforms (46%)
2. Stored passwords on a work laptop, phone, or writing pad (31%)
3. Left desk without locking/logging out of/shutting down computer (28%)
4. Chosen to avoid using two-factor authentication for logins (26%)
5. Failed to update software on time (25%)
6. Used a password with name or birthday in it (24%)
7. Worked from an unprotected Wi-Fi source (e.g. open Wi-Fi that is not password protected) (20%)
8. Clicked on a link from an unverified source (20%)
9. Opened a document from an unverified source (18%)
10. Skipped or paid little attention to cybersecurity training (13%)
11. Sent confidential data or files to the wrong recipient (9%)
12. Failed to report a potential cybersecurity breach (8%)

How prepared is the workforce?

The survey also questioned employees about their feelings on how prepared they are for a potential cybersecurity threat, such as a hacking or phishing attempt.

Overall, one in ten (10%) said they feel “unprepared” for cybersecurity threats.

A further one in five (21%) said they felt neutral about their preparedness, suggesting that work could still be done to improve their readiness to deal with threats.

Just over a third described themselves as “very prepared” for any threats.

Is the workforce trained in cybersecurity?

One element of preparation lies in training for the threat, so we asked the survey respondents how recently, if ever, they have been trained in cybersecurity.

Surprisingly, as many as a quarter (26%) of workers say they have never been trained on cybersecurity issues, leaving them open to potential hacks and scams.

A further 6% of those surveyed haven’t been trained in three years or longer, meaning their knowledge is likely out of date.

Luckily, over half (56%) have received cybersecurity training in the past year.

Is working from home a problem?

Since the pandemic, the rate of workers spending at least some of their working week at home has increased.

This raises some questions from a cybersecurity perspective as workers will not benefit from automatic protections offered by using company internet in the office.

Some of this relies on the worker joining a VPN, updating their system regularly, and ensuring that their internet connection is secure.

We asked workers how vigilant they have been, with some mixed results.

Less than half of workers use a firewall (38%) or join their work VPN (33%) when working from home.

Common WFH problems (% who admitted to doing this)

1. Use a firewall (38%)
2. Join their work VPN (33%)
3. Regularly change their Wi-Fi password (32%)
4. Regularly update their router (30%)
5. Disable remote access (20%)

Most Americans use their personal device for work purposes

Our study asked workers whether they were completing all their work on company equipment, or whether some were choosing to use their personal devices for work purposes.

Almost three-quarters of workers (72%) said that they have used their personal devices for work in the past.

There is a generational divide here, as younger people (16–24-year-olds) are much more likely (78%) to use their personal devices for work, compared to 55+ year olds (60%).

Personal devices are generally not as safe as work devices. Work devices typically restrict apps and software that can be downloaded, force software and security updates onto the user, and can be more easily monitored for suspicious activity.

Workers using their personal devices are likely to leave their organization more vulnerable to cybersecurity threats, yet the vast majority of those surveyed admitted that they work on their personal phone, laptop, or tablet.

Our conclusion

All evidence points toward cybersecurity threats continuing to increase in scope, quantity, and harm in the coming years.

Organizations stand to lose huge chunks of revenue if they are unprepared for potential threats, and the smart move will almost certainly be to invest further in training and extra measures to combat security threats.

Jared Parker, Security Compliance Manager at RS, concluded: “Surveys of this nature play a vital role in evaluating the effectiveness of cybersecurity training programs currently implemented across organizations.

“As work from home and Bring Your Own Device (BYOD) policies become increasingly prevalent, the threat landscape continues to evolve, making it imperative for companies to equip employees with up-to-date knowledge on emerging security threats and tactics employed by malicious actors.

“Cybersecurity education can no longer be treated as a one-time annual compliance exercise as critical information is easily forgotten without regular reinforcement. Instead, organizations should adopt a continuous learning approach by delivering concise, easily digestible training nuggets throughout the year.

“These micro-learning modules should focus on helping employees recognize and respond to the latest emerging threats, especially as adversaries leverage advancing technologies like artificial intelligence to refine their attack methods and techniques.”