The average time it takes for a company to identify and contain a cybersecurity breach is 280 days according to IBM.

With that in mind, we would like to pose a question. Would you be able to identify that your work notebook has been breached in less time?

For those who answered yes, we’re a little bit suspicious but we trust your judgement. For those who answered no, like ourselves, it would serve you well to consider the headline here once again.

Stop using your work notebook or PC for personal things.

This is not a scolding but rather us sharing information with our readers that has been sent to Hypertext by Mimecast.

The email security firm has released a report that takes a look at how employees are using company-issued devices and it is worrying. The report was compiled following interviews with 1 000 respondents in the UK, US, Australia, South Africa, Netherlands, Germany, Canada and United Arab Emirates. All respondents work in a company that have 100 or more employees and have a company-issued device for work.

The headline here is that as regards South Africa, 74 percent of respondents “extensively use their company-issued device for personal matters”. Of that figure, 60 percent said that the frequency with which they use their company device for personal matters increased since working from home.

Mimecast’s report reveals what activities folks admitted to using their work devices for. These include:

  • Personal email – 66 percent
  • Financial transactions – 52 percent
  • Online shopping – 51 percent

What boggles the mind here however is the following excerpt from Minecast’s press release.

“68 percent of South African respondents said there was a risk to checking personal email as the cause of a serious security mistake, and 70% thought surfing the web or online shopping could likely cause an incident,” Mimecast wrote.

We’re not angry, just mightily disappointed that despite knowing the risks, folks still ignore the rules.

“This research shows that while there is a lot of awareness training offered, most of training content and frequency is completely ineffective at winning the hearts and minds of employees to reduce today’s cyber security risks,” says vice president of threat intelligence at Mimecast, Josh Douglas.

“Better training is crucial to avoid putting any organisation at risk. Employees need to be engaged, and trainings need to be short, visual, relevant and include humour to make the message resonate,” added Douglas.

Most concerning is that the more tech-savvy respondents who fall into the 16 – 24 age group were as unabashed, if not more, about using company gear for personal matters compared to older people.

A staggering 73 percent of 16 – 24 year old respondents admitted to opening emails even though they looked suspicious.

As we mentioned at the top of this piece, it takes months, and even years to detect a breach and by visiting ultimatecattoysandtotallynotmalwaredelivery.com on your work computer, you are putting your company at risk.

“With everyone’s home becoming their new office, classroom and place of residence, it’s not really a surprise that employees are using their company-issued devices for personal use. However, this is also a big opportunity for threat actors to target victims in new ways. We’ve seen attacks become more aggressive and the attack surface has expanded due to the new ‘WFH’ or hybrid work environments,” adds Douglas.

While it might seem innocent to check your mail and do a bit of online shopping while you’re at work or using your work computer, the risk of clicking a link you shouldn’t is immense.

You can find the full report from Mimecast here.

[Image – CC 0 Pixabay]