First ever security research on large public sector and commercial organisations across the island of Ireland reveals poor employee habits that could increase data breaches and security risks.
Microsoft launches new security solutions – Microsoft Identity & Threat Protection and Information Protection & Compliance to help companies achieve their security and compliance goals.
Key research highlights:
- A massive 44% of public and private sector employees in Ireland have experienced problems with phishing, hacking, cyber fraud or other cyberattacks; this does not include attacks that were already caught by their company’s own security measures.
- 46% of employees admit to having had no security training in the last 12 months.
- 22% admit to writing down their passwords and 44% recycle their personal passwords, potentially using the same passwords for both work and home.
- 62% would welcome biometric verification.
- Half of employees prefer their home to their work device while 24% of those working from home have accidentally shared work-related material with friends and family.
- 36% have plugged a non-work USB drive or data device into their work device, posing a serious risk of data and intellectual property loss.
- One third are using personal email for work-related or customer information storage, risking GDPR violations when leaving the organisation.
Dublin 18th February 2019: Microsoft Ireland has warned that poor security habits within large Irish public sector and commercial organisations will lead to critical data and intellectual property loss. Following the publication of research across 700 employees working in large Irish organisations employing over 100 staff across both the public and private sector, Microsoft has identified potentially dangerous employee habits which, if not addressed, could risk major data loss or theft over the coming year, with severe legal and reputational consequences.
Digital Transformation is enabling and transforming organisations, driving the need to maximise employee productivity, as well as adapting to the explosion in mobile devices and technology innovations. However, in the drive to transform, Irish organisations leave themselves vulnerable to major security risks that range from data and revenue loss to reputation damage, in addition to hindering digital transformation.
Microsoft commissioned Amarach Research to investigate the security culture within Irish organisations to understand how their employees accessed and used sensitive data while at work and on the go. The research also looked at what gaps were emerging that could be exploited by hackers or lead to a data breach.
As part of its ongoing efforts to drive better security for organisations, Microsoft invests $1bn each year in security; it analyses more than 6.5 trillion signals daily, processes 630 billion authentications monthly, and scans 470 billion e-mails for malware and phishing monthly.
The research found:
Inconsistent data security training – only 54% of respondents within large Irish organisations reported receiving training once a year. Only 16% of employees have updated their passwords in the last 12 months in line with their organisation’s policies.
Poor password hygiene by employees: Passwords have become too easy to guess or steal. Nearly a quarter (22%) of Irish employees write down their passwords. 77% of employees rely on their memory for their work and personal passwords. When it came to their password hygiene, 2 in 5 recycle their work passwords, and 44% recycle their personal passwords. Over the course of a year, only half change passwords quarterly, with only half updating their passwords once a year or less.
Employees are potentially using the same weak password across dozens of different accounts in their work and home life, making a stolen password more lucrative to criminals. To resolve this, 3 in 5 employees surveyed would welcome biometric verification as an alternative to passwords.
Home is where the data breach is: Organisations who provide the technology and trust but don’t enforce security and data protection are vulnerable. The research discovered that employees working from home are much more likely to engage in risky security activities that increase potential data loss. Nearly half (49%) of those working from home at least once a week used their personal email account for saving, editing, sending, or sharing work-related documents. 24% reveal that they accidentally shared work-related material with friends and family.
Different practices for those working from home: The research found that one in three are allowed by their company to use their personal device for work purposes. Half of respondents claim their personal device is better than their work device, and almost three in ten of these have used their home device to work on sensitive files.
A quarter of those working from home at least once a week admit to having friends or family access work devices at home, which may violate data policies from their organisation. This is worrying when 56% of respondents reported they work from home, and almost half of these have no restrictions on document access when working from home.
USBs and potential data loss: Worryingly, 25% of those surveyed admitted plugging a USB thumb drive that wasn’t from their company into their work device, 12% connected back-up drives, and 5% connected a smartphone that didn’t belong to them. This increases the chances of employees compromising their identity – Microsoft reported that 81% of major data breaches last year could be traced back to this issue alone.
Devices and security: While 1 in 5 respondents claim their devices are updated regularly, they aren’t shown how to use newly introduced technology. Using personal devices can increase risky employee behaviour such as downloading sensitive documents to mobile devices (e.g. smartphones and tablets), which could result in sensitive data being outside of the sight and control of the organisation.
Employees have already fallen victim to cyber hackers; 30% of employees surveyed have been notified about a breach of their personal data, and 44% have experienced problems with phishing, hacking, cyberfraud or other cyberattacks happening in either their personal or professional lives. Interestingly, 18% have reported similar issues in the workplace.
“Organisations can invest in robust data protection and security measures, but their employees could, accidentally, bring about a potential security disaster for their organisation,” said Des Ryan, Microsoft Ireland Solutions Director, “The most common and least detected sources of data breaches are compromised identities. Passwords can be hacked, guessed, leaked or lost. New technologies like biometric security can deliver the robust security required to protect organisations from most social engineering attacks.”
“Organisations must now ensure they are taking a considered approach to data security, and embrace new procedures and technologies, coupled with consistent training, enforced policies, along with better device upgrades to enable employees to deliver the productivity needed for successful transformation with a minimum of risk to the organisation. We see needless security risks created by employees who are unaware o