Employees widespread ‘cyberloafing’ habits putting company security at risk says new research

New research has revealed that employees’ cyberloafing habits on work computers not only waste precious work hours but also put their firms at risk as they are less likely to follow IT security protocols while surfing the web.

Firms need to educate their workers about cyber risks to ensure that sensitive data isn’t compromised because of the latter’s’ cyberloafing habits.

A new paper published by Dr Lee Hadlington at the Leicester-based De Monfort University has revealed how widespread cyberloafing habits of employees during work hours can effectively compromise the security of their establishments. This is mainly because employees are less likely to follow IT security practices and protocols while surfing the web, clicking on various links and visiting social media platforms.

A survey of 338 part-time and full-time workers aged 26-65 years by the University revealed that the more employees surf the web during work hours, the less likely they are to follow their firms’ IT security protocols.

‘Typically, people undertaking more serious cyberloafing were less aware of how to stay safe online and how to protect sensitive information. One reason for this could be that they are so determined to get online they don’t want to pay attention to information about online safety and ignore the risks. On the other hand, they may believe their companies can protect themselves from anything that might happen as a result of risky behaviour,’ Dr Hadlington noted.

The fact that every single firm in the UK has cyberloafing workers to a greater or lesser degree makes it essential for them to impart effective cyber security training to ensure that such workers do not click on unknown links or visit unsecured websites while surfing the web.

Researchers have proved time and again that solutions like perimeter security or anti-malware technologies cannot prevent every malware or hacker lurking around on the web. As such, ensuring safe online behaviour will go a long way in securing a firm’s IT systems as well as sensitive customer data.

According to Dr Hadlington, ‘providing effective training that empowers employees to identify aspects of internet abuse and seek help could be a more effective management tool’ compared to applying strict penalties for serious rule breaking. ‘Helping workers understand the risks of their actions might be more beneficial, particularly where these are communicated through focus groups and talks,’ he adds.

Another effective way of keeping enterprise data secure despite the presence of cyberloafing workers is the adoption of formal BYOD policies by organisations. While BYOD policies encourage employees to bring their own devices to their workplace, they also involve educating employees about the risks around usage of unsecured Wi-Fi hotspots, usage of social media apps, ensuring password hygiene, and the importance of separating personal and corporate data on their devices.

According to research by M-Files, at least 23% of businesses in the UK suffered data breaches in the past year because of non-compliance with company security policies by their employees.

‘Going against company policies on sharing and accessing documents may seem relatively harmless, but it can have costly consequences, leaving organisations exposed to heightened security risks and compliance issues. With GDPR on our doorsteps it’s critical that organisations maintain control and visibility of their documents and information handling practices,’ said Julian Cook, VP of UK business at M-Files.