According to ELMO, even more worryingly, the survey of 1000 Australian workers found just under a third of employees “don’t know how to prevent themselves from falling victim to a phishing attack at work”.
The survey - based on feedback from just over 1000 Australian workers surveyed last month - found that after a spate of high-profile hacks over recent years, more than half of workers are now worried about their personal information being stolen as part of a cyberattack on their workplace - but despite the lack of confidence among employees, less than half say their workplace offers training courses or education to help prevent an attack.
ELMO Software CEO Joseph Lyons says the survey findings should serve as a “wake-up call for Australia’s business leaders”.
|
|
“It’s alarming to see that a third of Australia’s workforce don’t feel equipped to stop themselves from being duped by a hacker at work, ” Lyons says. “But what’s most concerning is the fact that half of businesses are overlooking one of the most crucial methods to prevent attacks - training their staff.
“Given the number of workers who are worried about the personal data their employers have on file, businesses need to seriously consider whether they have the right technology in place to store information securely and prevent it from being accessed by third parties.
“But it doesn’t stop at technology, training is also key. Last year, we helped deliver cybersecurity training courses to over 15,000 employees across Australia and New Zealand.”
ELMO notes that the Index found that cyber fears are far more prevalent among the older generation of workers, and Baby Boomers are particularly worried, with 54% feeling concerned about being scammed on their work devices compared to just 38% of Gen Z respondents.
“However, while Millennial workers are the most confident about knowing how to prevent a phishing attack, they’re also the most guilty of using non-approved apps or software (33%; cf. Average 26%),” the survey notes.
ELMO says the survey findings also highlight a major challenge for businesses trying to mitigate the risk of an attack, and just over a quarter (26%) of employees admit to using apps, software or devices that haven’t been approved by their company.
“Known as shadow IT, the temptation for workers to use software that hasn’t been vetted by their employers makes it impossible for a business to get a handle on their risks or take action in the event of an attack,” cautions ELMO.
Carmen Nunez, ELMO’s Senior Information Security Manager, says having the right people, tools and organisational controls are all key to ensuring software has been vetted and approved.
“The risk of employees downloading unauthorised applications into a company’s corporate environment is very real,” she says. “Employees may be tempted to sign up for free trials and upload valuable company information without considering the risk.
“This type of behaviour can lead to malware and ransomware attacks, as well as other cyber threats. Imagine trying to determine the source of an attack if the IT department doesn’t have visibility across the company.
“Mitigating these risks requires an approach that spans people, processes and tools. Supplier security and employee education, as well as having the right tools to quickly detect and disable unauthorised applications, are at the core of our ISO 27001:2022 certification,” Nunez concluded.
ELMO also reports that the survey found that larger organisations (200+ employees) were more likely to employ a full range of cybertattack prevention methods such as training courses, simulated phishing attacks, processes to flag suspicious activity and company policies/protocols - and only 36% of employees in businesses with less than 200 staff say their organisation provides staff with training, compared to 64% of workers at businesses with 200+ staff, while 18% of businesses with less than 200 employees use simulated phishing attacks to prepare employees, compared to 35% of businesses with 200+ employees.
“Mid-sized business leaders might think they’re less of a target compared to bigger, well-known organisations. But falling into that trap could be leaving them exposed.
“Regardless of size, being targeted by an attack is a very real possibility and it’s something every C-suite leader needs to be thinking about.
“Cybersecurity is no longer the sole responsibility of IT departments, especially given the rise in attacks that target human vulnerability. HR leaders need to be working alongside their IT and Finance counterparts to develop continuous training and ensure the employee data they hold is kept secure,” ELMO concludes.
