The study, carried out by ThycoticCentrify, found that 79% of respondents have engaged in one least one risky activity over the past year. More than a third (35%) have saved passwords in their browser in the last year, a similar number (32%) have used one password to access multiple sites, and around one in four (23%) have connected a personal device to the corporate network.
Virtually all respondents (98%) were aware that individual actions, such as clicking on links from unknown sources or sharing credentials with colleagues, are risky. Despite this, only 16% of respondents felt their organization is at a very high risk of a cyber security attack.
The survey also found that only 44% of respondents received cyber security training in the past year, meaning more than half of the employees surveyed were left to cope alone in cyber security matters while working from home.
The report also found that the top two hurdles that prevent people from getting work done in a working-from-home environment are slow internet connection (44%) and slow work devices (41%).
The survey found that just 29% of those who moved to remote working during the pandemic said they had already returned to the office. Canadians appear most reluctant to return at all, with 18% hoping never to do so, compared to the global average of 9%.
The survey found that small businesses were more at risk. People working in SMBs are least likely to have received cyber security training in the past year.
Just under half (47%) of those who work at companies with more than 5,000 employees underwent cyber security training in the last 12 months compared to 20% of employees at companies with less than 10 staff. In companies with 11 to 50 employees, 32% of those surveyed underwent training in the last 12 months.
“People working in the cyber security sector know how their colleagues should behave when it comes to keeping their devices safe and protecting the wider company. But are these messages getting through?” said Joseph Carson, chief security scientist, and advisory CISO at ThycoticCentrify.
“We’d urge employers to redouble efforts to encourage the best possible digital security practices in staff and remind them of the risks of failing to secure networks. A ransomware attack or major breach has major consequences which can last for years, so every organization needs to establish security processes and work to ensure they resonate with employees.”