© 2019 SourceMedia. All rights reserved.

Many employee work habits seem innocent but invite security threats

While most employees are generally risk averse, many engage in behaviors that could lead to security incidents, according to a new report from Spanning Cloud Apps LLC, a provider of cloud-based data protection.

The company surveyed more than 400 full-time U.S. employees, and found that more than half (55 percent) admitted to clicking links they didn’t recognize, while 45 percent said they would allow a colleague to use their work computer and 34 percent were unable to identify an unsecure ecommerce site.

phishing invites.jpg
A stream of binary coding, text or computer processor instructions, is seen displayed on a laptop computer screen as a man works to enter data on the computer keyboard in this arranged photograph in London, U.K., on Wednesday, Dec. 23, 2015. The U.K.s biggest banks fear cyber attacks more than regulation, faltering economic growth and other potential risks, and are concerned that a hack could be so catastrophic that it could lead to a state rescue, according to a survey. Photographer: Chris Ratcliffe/Bloomberg

The results paint a picture of a workforce that has a general understanding of security risks, but is underprepared for the increasing sophistication and instance of ransomware and phishing attacks, the report said.

Nearly three quarters of those surveyed demonstrated suspicion of unfamiliar URLs from popular sites, and aversion toward potential malicious links was generally high, with 87 percent demonstrating caution around these URLs.

See Also 5 steps that can help CISOs win over the board on security programs

Employees would rather be “nice” than safe, the study said. Of workers with administrative access, only 35 percent responded that they would refuse to allow a colleague to access their device. And they like to shop from work, with more than 52 percent saying they shop online from their work computer.

Workers are underprepared for sophisticated phishing emails. When presented with a visual example, only 36 percent correctly identified a suspicious link as being the key indicator of a phishing email, the study said.

For reprint and licensing requests for this article, click here.