Employees are constantly bombarded with phishing
Businesses are putting themselves at risk of all kinds of cyber-attacks due to poor practices when it comes to educating and training the workforce.
A new report from Yubico, found less than half (42%) of UK businesses it surveyed held mandatory, frequent, cybersecurity training.
There are many things employees could be taught, which would improve the cybersecurity posture of organizations, the report further suggested. For example, roughly half (47%) often write down, or share their passwords which is one of the most common mistakes when it comes to safeguarding a password.
Resetting the password
Elsewhere, the report found that many workers (33%) allow other people to use their work-issued device, while more than half (58%) use personal devices for work.
A similar percentage (49%) do vice-versa, as well, by using a work-issued device for personal use, which is another cybersecurity red flag. Finally, half (48%) have been exposed to a cyberattack such as phishing, without reporting the incident to their IT and cybersecurity teams.
Even when an employee gets exposed to a cyberattack, their organization does very little to amend the issue. “Very few” companies implemented phishing-resistant cybersecurity methods in response to being targeted, a third (28%) simply had their passwords reset, and just a quarter (28%) were made to attend cybersecurity training.
“Cyber attacks, and how to prevent them, should be top of mind for every organization. However, our research reveals a remarkable disparity between the risks of cyber-attacks and businesses’ attitudes toward them,” commented Niall McConachie, regional director (UK & Ireland) at Yubico.
For McConachie, businesses should deploy multi-factor authentication (MFA) as soon as possible, and consider FIDO2 security keys. The latter “have been proven to be the most effective phishing-resistant option for business-wide cybersecurity”, he says.
“By removing the reliance on passwords, MFA and strong 2FA are more user-friendly and can be used for both personal and professional data security. This is especially important as cyber-attacks are not limited to companies but can directly target customers and employees too.”
One of the most used-used passwords – “123456” – is still in use today, despite being known by virtually every cybercriminal out there, the report concluded.