Weak passwords, confidential files stored on USBs, poor email security, attaching and sending unencrypted files in emails, and sharing passwords.
These are some of the cyber sins being committed by Australian workers each day.
And despite the fact these habits can put company data at risk, they are alarmingly common in our workplaces, according to one quantum cyber security company.
QuintessenceLabs recently interviewed 1,032 Australian workers and 308 business leaders as part of its Breach From Within report.
The study revealed that 49% of Australian office workers have performed “careless acts that make a company’s data more vulnerable to unauthorised access”.
Keeping passwords unchanged for over a year, creating weak passwords that are easy to remember and accidentally reading sensitive emails were all classified as such “careless acts”.
“Most of us have at one time or another circumvented IT protocol, but people don’t realise that these sometimes seemingly benign actions can lead to serious data breaches if the right security measures aren’t in place,” said QuintessenceLabs CEO and founder, Dr Vikram Sharma, who was one of the keynote speakers at ACS’s Canberra Conference last month.
“Once data is compromised, businesses need to be honest and transparent with customers, or face reputational damage and lost trust.”
There is also a significant chunk of workers guilty of more serious cyber blunders.
Thirty-eight percent of respondents confessed to either sharing a password with a colleague, accidentally emailing confidential files to the wrong recipient, copying confidential files onto a USB or hard drive or attaching and sending unencrypted files to an email.
Leaders unaware
The report also exposes a level of unawareness among business leaders regarding their employee’s poor cyber security habits.
Only 52% of the interviewed business leaders were aware that an employee had done something which could potentially lead to a data breach, compared with 65% of workers admitting to this.
One in four leaders were not aware of any instance in which an employee behaved in a way that constitutes a data breach.
However, it seems not all leaders are ignorant.
Forty-six percent of leaders were aware of weak employee passwords, 35% aware of poor email security of staff and 12% aware of confidential files being taken out of the office.
Sharma said it is important leaders mitigate these weaknesses.
“Interestingly, our report found that almost half of business leaders recognise there are gaps in their data protection – so it is critical to act to protect and prevent – as the flow-on effects to trust, reputation and ultimately the bottom-line is sizeable,” he said.