Many employee work habits seem innocent but invite security threats

Many employees engage in behaviors that open their organizations to security threats, even though they believe they are risk averse.

A new report from Spanning Cloud Apps, a provider of cloud-based data protection, is based on a survey of more than 400 full-time U.S. employees. It found that more than half (55 percent) admitted to clicking on links they didn’t recognize.

Of survey respondents, 45 percent said they would allow a colleague to use their work computer, and 34 percent were unable to identify an unsecure ecommerce site.

The results paint a picture of a workforce that has a general understanding of security risks, but is underprepared for the increasing sophistication and instance of ransomware and phishing attacks, the report said.



Nearly three quarters of those surveyed demonstrated suspicion of unfamiliar URLs from popular sites, and aversion toward potential malicious links was generally high, with 87 percent demonstrating caution around these URLs.

Employees would rather be “nice” than safe, the study said. Of workers with administrative access, only 35 percent responded that they would refuse to allow a colleague to access their device. And they like to shop from work, with more than 52 percent saying they shop online from their work computer.

Workers are underprepared for sophisticated phishing emails. When presented with a visual example, only 36 percent correctly identified a suspicious link as being the key indicator of a phishing email, the study said.