With the COVID-19 pandemic forcing most office-based companies to switch to a prolonged period of home working, one area where standards appear to have slipped is cyber security via the use of vulnerable personal devices for work purposes.
Gadget insurance company Protect Your Bubble surveyed* over 2,000 UK employees across a wide range of industries to find out how employees have experienced home working during the pandemic and uncovered some concerning practices when it comes to company data and cyber security.
When employees were asked if they had downloaded commercially sensitive or confidential company files on to any personal device (either a desktop, laptop, tablet or smartphone) while working from home, nearly 20 percent said yes.
Of these respondents, 40 percent also admitted that these personal devices either did not have password protection or up-to-date security software installed. 7 percent had neither.
During April to June this year, cyber security attacks surged with UK businesses experienced almost 177,000 attempted security breaches – the equivalent to one every 45 seconds – as criminals attempted to capitalise on the chaos and confusion caused by the COVID-19 and changing online behaviour.
According to the survey, younger employees are the most likely to have a more relaxed approach when it comes to security on their personal devices compared to older age groups. Almost 30 percent of under 24s had used personal devices for work purposes over the past six months and of these, 50 percent did not have either password protection or security software installed.
This emphasises the need for businesses to offer more company-issued devices alongside continuous cyber security training, particularly among its younger employees, to avoid the use of unprotected personal devices.
The likelihood of employees handling company data on personal devices while working from home drops by age, lowering to just under 8 percent for 45-54s and over 55s, highlighting a more disciplined approach to cyber security among older employees.
Surprisingly, IT and Telecoms (21.4 percent), HR (22 percent) and Finance (21.4) are among the worst-offending industries studied with 1 in five employees in these sectors admitting to downloading sensitive or confidential company documents onto personal devices during lockdown.
But when it comes to industries with the most vulnerable personal devices without password or security software protections in place, worryingly the healthcare sector takes the top spot.
The survey reveals almost 20 percent of healthcare workers who have downloaded company files onto a personal device have neither password protection or security software installed despite the health sector being a prime target for cybersecurity attacks during this time as malicious actions taking advantage of the COVID-19 pandemic.
Other bad offenders include those working in Arts and Culture (16.7 percent), Retail, Catering and Leisure (13.6 percent), and Sales, Media and Marketing (13.3 percent).
James Brown, Director at Protect your bubble commented:
“It’s clear from the survey responses that many UK businesses need to address their cybersecurity vulnerabilities and adapt their protocols in light of more employees working remotely.
“Along with more thorough staff training and the issuing of company-owned devices, insurance is also key to make sure employees can remain productive while working remotely in the case of loss, theft or accident.”
You can find the complete detailed breakdown of the survey results here.