Irresponsible online behaviours opening up UK businesses to substantial cyber threat


Believe it or not, recent statistics prove that at least two in five companies have witnessed employees indulging in adult content as a result of unrestricted access to the internet. In fact, a new study by OneLogin has revealed the scale of the online freedom given to employees, with as many as 76% of companies in the UK allowing a proportion of their workforce unrestricted access to the internet. The study highlighted the detrimental impact that unrestricted internet access is having on UK businesses that trust their staff with free rein online, leaving themselves vulnerable and putting their corporate data at risk as a result.

The study surveyed 605 IT professionals and found that 41% have identified a high percentage of their company’s employees watching adult content, 45% have seen a high percentage of employees visiting gaming and gambling websites, and 37% have detected phishing website use. This kind of behaviour is not only a colossal waste of UK productivity, but also a cyber-security nightmare that could leave an abundance of confidential files in the wrong hands.

Licence to Roam 

Technology has transformed our lives dramatically over the last twenty years, from how we purchase goods to how we consume media platforms. Never have we had such easy access to a vast, far-reaching world of information and entertainment through the internet. However, for all the benefits that these improvements have brought us in terms of convenience and quality, they have also raised new challenges for businesses. 

People in the UK are spending more time than ever accessing risky materials online and this has inevitably transitioned into the workplace. These websites represent a major threat to cyber-security because they are often plagued with downloadable materials and adverts that are embedded with viruses and other harmful malware.

For example, experts have recently warned the millions of Pornhub users to be careful, after it emerged that cyber-criminals were targeting the website with the highly dangerous ‘Kovter’ malware, which was cleverly masked through pop-up ads. This use of ‘malvertising’ on legitimate websites has become incredibly popular among hackers. Accessing these materials within the workplace can be catastrophic, leaving company networks far more susceptible to phishing scams and viruses, which can be incredibly costly to remediate.

Cyber concerns 

There are plenty of examples of this risk becoming a reality. 2017 saw a host of devastating cyber-attacks on major companies such as Deloitte and Equifax, as hackers stole information about thousands of customers. The thought of confidential documents and people’s personal details getting into the wrong hands is a harrowing one, and it’s likely to become a far greater issue in 2018. Companies that allow their staff unrestricted access to the internet are in grave danger of placing their names next on the list of cyber hacking victims.   

According to the survey respondents, 67% of businesses neglect to invest in single sign-on (SSO) solutions, and 54% don’t use a domain name filtering system. To avoid a descent into the further chaos that hacks create, businesses need to focus their attention on controlling the content that is being accessed via the corporate network and evolve cybersecurity strategies to reflect modern employee needs. SSO solutions, for example, help to keep information secure by using policy-driven password security and multi-factor authentication to ensure that only authorised users have access to sensitive data, while domain name filtering blocks access to potentially dangerous websites based on a business’s specific criteria. 

The GDPR perspective 

If such shortcomings continue, this level of neglect shown by IT Managers could also land the organisations they work for with hefty fines when the General Data Protection Regulation (GDPR) comes into effect on 25th May. Failure to comply with the regulation could incur penalties of up to €20 million, or 4% of a business’s annual turnover, whichever is higher. Leaving employees to their own devices on the internet, so to speak, may seem like a relatively harmless policy, but given that it could result in such significant financial damage for organisations, it is worth considering whether turning a blind eye is the correct approach after all.

In addition to the financial burden of a fine for non-compliance with GDPR, significant reputational damage could ensue for any organisation that disregards the severity of a data breach. According to a study undertaken by Forbes Insight in 2016, 46% of organisations have suffered damage to their reputations and brand value as a result of a data breach. Those who avoid implementing the preventative measures necessary to combat breaches leave themselves highly exposed to this level of reputational damage. With data security currently being such a hot topic, it is obvious there is no room for organisations to be complacent about the impact of non-compliance without running the risk of losing their loyal customer base.

Train your way out of trouble 

To prevent the situation worsening, businesses must place an emphasis on educating their employees on the hazardous consequences of high-risk websites in order to raise awareness. This must be partnered with regular employee phishing assessments, as phishing attacks are becoming one of the most common forms of successful cyber-attack. By doing so, businesses are able to identify who in their organisation is most liable to click on harmful emails, and help those who aren’t as tech-savvy to understand exactly what a phishing email is. Worryingly, nearly two thirds (62%) of the study respondents admitted their business fails to conduct employee phishing assessments, and more than a third (36%) don’t invest in security education.

As data breaches are regularly covered on the front pages of our newspapers, cyber-security is becoming a common topic of discussion in the boardroom and on the street, but companies are still failing to properly enforce sanctions on internet access in the workplace. Unless the appropriate security measures are enforced, every business is at risk of suffering seriously damaging consequences.   

Stuart Sharp, Global Director of Solution Engineering at OneLogin 
