Employees accessing pornographic and gambling websites putting businesses at risk
A large number of businesses in the UK have been rendered vulnerable to cyber crimes by employees who regularly access pornographic and gambling websites on their work computers.
Employees who do not abide by cyber hygiene practices at work and visit pornographic and gambling websites on work computers cost their firms £2.5m for every instance of data breach.
A survey of 600 IT leaders by access management firm OneLogin has revealed how businesses across the UK have been rendered vulnerable to cyber crimes by employees who regularly access pornographic and gambling websites on their work computers. Out of those surveyed by the firm, 41% and 45% said they caught employees accessing either pornographic content or gambling websites on their work computers.
A majority of those who visit gambling websites do so in order to place their bets on live or upcoming football matches or horse races. Even though some employees may consider such behaviour as harmless or absorbing a very small percentage of their work hours, such behaviour also sets them up for orchestrated phishing attacks and malware injections by cyber criminals.
Such behaviour is further fueled by the fact that 29% businesses do not monitor web traffic on work computers and 36% firms do not educate their employees about cyber hygiene or internet security practices.
‘Organisations appear to be taking the risky approach of simply relying on employees to use their common sense when it comes to cybersecurity, leaving valuable corporate data easily accessible to cybercriminals looking for the easiest way into the corporate network. These security shortcomings can lead to significant costs, since the average cost for a UK company to remediate a data breach is £2.5 million.’ said a spokesman from OneLogin.
According to Alvaro Hoyos, the CISO at OneLogin, emphasis must be placed on IT and security training for employees to ensure organisations are not exposed to cyber criminals because of their cyber behaviour.
Earlier this month, a paper published by Dr Lee Hadlington at the Leicester-based De Monfort University revealed how widespread cyberloafing habits of employees during work hours effectively compromise the security of their establishments. A survey of 338 part-time and full-time workers aged 26-65 years by the University revealed that the more employees surfed the web during work hours, the less likely they were to follow their firms’ IT security protocols.
‘Typically, people undertaking more serious cyberloafing were less aware of how to stay safe online and how to protect sensitive information. One reason for this could be that they are so determined to get online they don’t want to pay attention to information about online safety and ignore the risks. On the other hand, they may believe their companies can protect themselves from anything that might happen as a result of risky behaviour,’ Dr Hadlington said.
According to research by M-Files, at least 23% of businesses in the UK suffered data breaches in the past year because of their employees’ non-adherence with company security policies.
‘Going against company policies on sharing and accessing documents may seem relatively harmless, but it can have costly consequences, leaving organisations exposed to heightened security risks and compliance issues. With GDPR on our doorsteps it’s critical that organisations maintain control and visibility of their documents and information handling practices,’ said Julian Cook, VP of UK business at M-Files.