One-in-three Australian workers who admit to having enabled data breaches are still unwilling to change their already compromised passwords, a new study reveals.
Human error has always been a security risk, but according to cyber security firm Webroot’s latest report, office culture might present a larger issue when it comes to maintaining cyber health.
Over half of the 4000 surveyed workers have compromised personal and financial data by clicking on links from unknown senders. The report shows this behaviour isn’t a one-off either — these employees clicked on risky links multiple times.
Of this group, over a third were so apathetic, and didn’t bother to change their passwords after the breach.
And although 90% of employees consider themselves able to distinguish real emails from their phishing counterparts, 60% will click on links from unknown senders anyway.
The study also shows employees find identifying phishing in non-email communications (phone calls, notifications, snail mail and post) even more difficult. They would actually have a better chance of correctly identifying phishing if they flipped a coin.
Apart from the obvious financial risks, poor cyber security can also lead to larger reputational issues with suppliers and customers, among others.
Cyber security might seem like a time-consuming issue to resolve, but some experts say regular and incremental checks can prove more effective in the long run.
In a piece for SmartCompany, Andy Jamieson advises businesses to regularly test their own systems and update passwords.
In another SmartCompany article, Susie Jones of Cynch Security recommends breaking down the most pressing issues — anything that holds sensitive and confidential information — into “simple steps”.
Change your office culture
The biggest takeaway from the study is the need to reform office culture from apathy to vigilance.
In a piece for SmartCompany, Ilone Vass from HR firm Dancing with the Dragons encourages business owners to build competence and foster office traditions. These traditions can easily include cyber security checks and updates.
“Your employee may have problem-solving skills, which are outside of their everyday role, to help you move past any issues.
“Build their competence and confidence by allowing them to implement skills to assist with problem-solving,” she wrote at the time.