Companies face greater risk of ransomware attacks as staff shop on company-owned devices
Research launched today by Menlo Security, a leader in cloud security, reveals increased cybersecurity risk to employees and organisations during the 2021 Christmas shopping season. The new research, which surveyed 2,000 workers in the US and the UK, found that while employees are concerned about threats and are taking some measures to mitigate them, they often have false confidence in their security posture.
There are now more threats to corporate devices and networks than ever as hybrid work models blur the boundaries between work and home. More than half of respondents in the UK (56 per cent US) reported performing non-work-related tasks – such as online shopping – on company devices.
The survey also found that 63 per cent of UK respondents (65 per cent US) are doing more Christmas shopping online this year compared to previous years, and nearly half of respondents (45 per cent UK; 48 per cent US), are shopping for festive gifts on a work-issued device, such as a laptop or mobile phone.
Employees are also noticing a rise in cyber threats during the festive season, with 48 per cent of UK respondents (58 per cent US) seeing an increase in scams and fraudulent messages. This is worrying, with the vast majority of respondents (80 per cent UK and US) reporting being ‘somewhat’ to ‘very concerned’ about their personal data being stolen when shopping online. Despite concern over these cyber threats, 65 per cent (60 per cent US) still believe they are secure from cyber threats if they are using a company device.
“Workers are becoming increasingly aware of the threats while browsing the web, however they have a false sense of security about the level of protection they have when using corporate devices. As a result, they are unintentionally exposing their corporate networks to a slew of vulnerabilities,” said Mark Guntrip, senior director, cybersecurity strategy at Menlo Security. “More employees are using company-issued devices not only for work, but also personal tasks like shopping and banking, which is putting entire networks at risk of being breached. To mitigate this risky behavior, organisations must make it a priority to adopt a zero trust security approach to prevent cyber attacks before they happen and ensure that they’re protected if they do fall victim.”
Workers depend on laptops, mobile devices and the web to conduct work no matter where they are located and many of these tasks are being done in the browser. The Menlo Security survey found that 70 per cent in the UK (76 per cent US) spend one or more hours in a browser each day doing work tasks. An industry report from Forrester and Google found that business users spend 75 per cent of their workday either working in a web browser or attending virtual meetings – which is in turn making them susceptible to hackers.
The research also shows that:
- Aware of potential threats: Out of various online threats, malware is the most recognised in the UK (81 per cent) This was followed by ransomware (61 per cent); credential phishing (45 per cent); and HTML smuggling (16 per cent). 12 per cent of respondents were not familiar with any of these cyber attack methods.
- Taking measures to protect themselves: Strong passwords were the most popular protective measure reported by respondents globally (71 per cent UK), and 58 per cent reported they are using anti-virus software to protect themselves when shopping online. Other protective measures include shopping only on websites of familiar retailers (55 per cent), confirming that URLs/emails do not have suspicious characters (37 per cent), checking for the lock next to a URL (46 per cent), and having a dedicated card for online shopping (20 per cent). Only 3 per cent claim that they do not take any of these protective measures while shopping online.
- Young vs old shopping habits: The youngest workers (18-24 years old) most often reported an increase in Christmas shopping this season (79 per cent U.K). There was a lower percentage for each subsequent age group, with 71 per cent for those 35-44, and only 39 per cent for those over 65 years old. Younger generations may also be more attuned to cyber threats, with younger groups more often reporting they have noticed an increase in scams/fraudulent messages.