
Employees’ dodgy tech habits posing a risk to Australian businesses

KnowBe4 announced new research which has found that more than six in 10 Australian office workers (63 per cent) don't believe using their work email for personal activity is a security risk to their employer.

Tue, 22 Feb 2022

The KnowBe4 data also revealed that more than half of that number engage with suspicious emails and SMS and only 5 per cent can correctly identify which emails and SMS are legitimate or scams.

Furthermore, only four in 10 (40 per cent) employees say they always report suspicious emails and SMS to the IT team responsible for cyber security. More than half (52 per cent) say they engage with suspicious emails and SMS.

In addition, 43 per cent of employees say they are not confident in identifying which emails are legitimate and which are scams, and 46 per cent feel the same way about identifying SMS. However, when tested, that number fell even more with only 5 per cent able to correctly identify all the real and scam emails and SMS.


Jacqueline Jayne, security awareness advocate for APAC at KnowBe4, is concerned about the trend and explained that the obvious, major issue is that Australians are unable to identify scam emails and SMS messages, which puts them at significant risk of getting phished or smished, risking both their security and that of their employer.

"According to the ACCC, Australians lost a record $323 million to scams in 2021 (up a massive 84 per cent from the previous year) and the FBI reported smishing alone in the US cost Americans more than $50 million in 2020 so the potential cost to Australians is huge," Jayne said.

In addition, more than one in 10 admit to using their work email address (14 per cent) and their work phone (14 per cent) for personal activities and one in three (34 per cent) Australian office workers admit to using the same password for more than one account.

Millennials the highest risk

Research reveals that millennial office workers may pose the highest risk as they are more likely than their older counterparts to:

  • Use their work email address for personal activities (millennials - 19 per cent, compared to Gen X - 11 per cent, and baby boomers - 7 per cent);
  • Engage with suspicious emails (millennials - 53 per cent, compared to Gen X - 39 per cent, and baby boomers - 20 per cent) and SMS (millennials - 51 per cent, compared to Gen X - 42 per cent, and baby boomers - 23 per cent);
  • Say they are not confident that they could identify suspicious emails (millennials - 48 per cent, compared to baby boomers - 30 per cent) and suspicious SMS (millennials - 50 per cent, compared to 36 per cent); and,
  • Believe that using work email for personal activity is not a security risk to their employer (millennials - 66 per cent, compared to baby boomers - 49 per cent).


Advice to stay safe

Awareness is the number one way to avoid falling for a phishing or spam email, so it is imperative employees are educated to stop and think before they act on anything. Employees need to be very careful of any emails or text messages that encourage them to click a link, open an attachment, share login details or change their password.

Here are some examples of the wording used in these tactics:

  • Your credit card has been used in fraudulent activities, update your details now.
  • Open the attachment to see all of the people in your suburb with COVID-19.
  • Click here to claim your $200 shopping voucher.
  • Like, share and comment to go in the draw to win a $50,000 car.
  • Unsubscribe from this mailing list.
  • You can jump the queue for your COVID-19 vaccine, click here.
  • Account Deactivation Notification – click here to confirm your details.
  • You have a new connection request on LinkedIn – click here to find out more.
  • Password change notification – your account has been compromised.
  • Congratulations! You have won a computer – click here to claim your prize.

Jayne further explained that when employees are using their work email address for personal activities such as online shopping, they are much more likely to fall victim to a phishing attack that uses a hook such as delivery delays to entice the victim to click through.

"Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam – if you know you never shop online using your work email address then you know that email from Amazon can’t be real," Jayne concluded.
