New research released by security awareness and email protection company Mimecast finds that more than two-thirds of employees admit to personal use of work devices during office hours.
Mimecast surveyed more than 1,000 people who use company-issued devices (such as mobile phones, desktop computers or laptops) in the workplace, in order to understand their behavior, but also their awareness of basic threats plaguing organizations.
The top three personal uses are reading the news (53 percent), checking personal email (33 percent) and browsing social media (23 percent). Additionally, nearly 28 percent say they use their company-issued device for personal reasons for at least one hour a day, with the number rising to 40 percent among younger workers (18-24-year-olds).
The findings show that one in four respondents aren't familiar with the most common threats like phishing attacks and ransomware, and 15 percent say they could be more cautious when it comes to cybersecurity or that just blindly trust emails that they receive.
There's a high level of ignorance about usage policy too. 60 percent of respondents either aren't aware of their companies having a formal policy on their personal web use at work or say there isn't one in place at all.
In addition only 45 percent of modern businesses provide mandatory, formal cybersecurity training. Another 10 percent do offer this, but on an optional basis. Among businesses that do offer cybersecurity training and education, just six percent do so monthly, while four percent do so quarterly.
Michael Madon, SVP and GM of Mimecast Security Awareness writes on the company's blog:
...businesses are inherently trusting their employees to know what, and what not, to click on, and to be smart when it comes to browsing the web -- for both professional and personal reasons. It could also mean that today's organizations simply don’t have the resources or know-how to implement formal cybersecurity and awareness training. And with cyberthreats continuing to evolve so they can bypass traditional security methods, like anti-virus and anti-spam filters, it's essential organizations integrate cybersecurity awareness training into their overall cyber resilience strategy.You can read more about the findings on the Mimecast blog .
Image credit: AllaSerebrina / depositphotos.com
