But how are businesses handling these potential threats? In a new study, team improvement software developer Nulab asked more than 1,000 full-time employees who spent at least four hours each day using a computer at work about their perceptions of workplace cybersecurity. The survey dives into various approaches to keep employees and businesses safe from cyberattacks, as well as some of the reckless behaviors that many employees regularly witnessed.
Online Office Safety
Approximately 1 in 3 respondents said they believed that cybersecurity was a moderate or major problem for their employer. Just 24% felt their company had no issues with protecting its online information. And nearly twice that percentage (44%) felt their employer only had minor problems with cybersecurity.
Businesses with fewer employees were more likely to believe their employer’s digital information was insecure. Nearly 1 in 4 people at companies with 50 or fewer employees felt their employer’s data was in danger, while just 9% of people at businesses with more than 1,001 workers felt the same. Overall, 15% of respondents believed their employer’s digital information was at risk.
More than 2 in 5 employees confronted their employer about poor workplace cybersecurity habits. Smaller businesses were also the least likely companies to take these complaints seriously. Forty-four percent of respondents at companies with 50 or fewer workers believed their employers were slightly or not at all responsive to their concerns, the highest of any group surveyed. Businesses with 51 to 100 employees ranked second (33%).
Poor Cybersecurity Behavior
What were some of the more unsafe habits that employers had created? Approximately 1 in 3 companies failed to provide training to employees in cybersecurity best practices. Also, 28% of businesses exhibited weak or insufficient password protocols. According to the study, this happened more frequently in smaller businesses.
Other ways businesses were not preparing their employees for cybersecurity success were failing to backup up their data (27%) and not updating or patching their software (26%).
Employers who failed to block malicious websites, establish privacy settings, or establish protocols for personal devices were the most likely to be perceived as having reckless cybersecurity habits.
Reckless Password Habits
We all have go-to passwords so we can remember them quickly, but which habits put companies at the most risk? The study revealed that passwords that are fewer than 12 characters (42%), reusing the same password across multiple accounts and devices (39%), and passwords that contain no special characters (32%) were the top three most reckless employer password habits. Passwords containing a basic sequence of numbers and letters and not changing a password after an employee quit or was terminated made the list as well.
Smaller companies were more likely to feel that employer-provided passwords were insecure. For example, 34% of respondents employed by companies with 50 or fewer people felt this way, while only 22% of people who work at businesses with 1,001 or more employees agreed.
Companies with fewer than 51 people were also most likely to use passwords with fewer than 12 characters, reuse the same password, and use passwords without special characters. Larger companies with 1,001 or more people were more likely to store physical copies of passwords.
The top cybersecurity issues employers experienced were phishing (29%), malware or viruses (26%), and hacking (15%). Companies also dealt with data breaches, data leaks, and fraud. More than 1 in 3 employees believed their company’s poor cybersecurity habits had put them in jeopardy. Nearly 1 in 5 believed customers had been put at risk, and 16% felt client information was insecure.
Nearly 2 in 5 respondents revealed that their company had on-site technical staff, 1 in 4 had both on- and off-site technical workers, and 23% reported having technical professionals solely working off-site for their company. Just 15% of people said they did not have any technical workers at their company.
Of businesses with fewer than 51 employees, 35% said they did not have a dedicated technology department or staff. In contrast, more than half (52%) of people working at companies with 1,001 or more people had both on- and off-site technical employees. Employers without a dedicated technology department or staff were twice as likely as those staffing such professionals to be perceived as having reckless cybersecurity habits (26%).
When you own a business, proper cybersecurity behaviors are imperative. Whether you are the employer or employee, appropriate measures need to be created to keep your business, employees, and customers safe.