The average time it takes for a company to identify and
contain a cybersecurity breach is 280 days according to IBM.
With that in mind, we would like to pose a question.
Would you be able to identify that your work notebook has been breached in less
For those who answered yes, we’re a little bit suspicious
but we trust your judgement. For those who answered no, like ourselves, it
would serve you well to consider the headline here once again.
Stop using your work notebook or PC for personal things.
This is not a scolding but rather us sharing information
with our readers that has been sent to Hypertext by Mimecast.
The email security firm has released a report that takes
a look at how employees are using company-issued devices and it is worrying.
The report was compiled following interviews with 1 000 respondents in the UK,
US, Australia, South Africa, Netherlands, Germany, Canada and United Arab
Emirates. All respondents work in a company that have 100 or more employees and
have a company-issued device for work.
The headline here is that as regards South Africa, 74
percent of respondents “extensively use their company-issued device for
personal matters”. Of that figure, 60 percent said that the frequency with
which they use their company device for personal matters increased since
working from home.
Mimecast’s report reveals what activities folks admitted
to using their work devices for. These include:
Personal email – 66 percent
Financial transactions – 52 percent
Online shopping – 51 percent
What boggles the mind here however is the following
excerpt from Minecast’s press release.
“68 percent of South African respondents said there was a
risk to checking personal email as the cause of a serious security mistake, and
70% thought surfing the web or online shopping could likely cause an incident,”
We’re not angry, just mightily disappointed that despite
knowing the risks, folks still ignore the rules.
“This research shows that while there is a lot of
awareness training offered, most of training content and frequency is
completely ineffective at winning the hearts and minds of employees to reduce
today’s cyber security risks,” says vice president of threat intelligence at
Mimecast, Josh Douglas.
“Better training is crucial to avoid putting any
organisation at risk. Employees need to be engaged, and trainings need to be
short, visual, relevant and include humour to make the message resonate,” added
Most concerning is that the more tech-savvy respondents
who fall into the 16 – 24 age group were as unabashed, if not more, about using
company gear for personal matters compared to older people.
A staggering 73 percent of 16 – 24 year old respondents
admitted to opening emails even though they looked suspicious.
As we mentioned at the top of this piece, it takes
months, and even years to detect a breach and by visiting
ultimatecattoysandtotallynotmalwaredelivery.com on your work computer, you are
putting your company at risk.
“With everyone’s home becoming their new office,
classroom and place of residence, it’s not really a surprise that employees are
using their company-issued devices for personal use. However, this is also a
big opportunity for threat actors to target victims in new ways. We’ve seen
attacks become more aggressive and the attack surface has expanded due to the
new ‘WFH’ or hybrid work environments,” adds Douglas.
While it might seem innocent to check your mail and do a
bit of online shopping while you’re at work or using your work computer, the
risk of clicking a link you shouldn’t is immense.
Article featured in
Hypertext by Brendyn Lotz