It’s conventional wisdom that human error is one of the largest contributors to cyber insecurity. New research from Courion bears this out: it shows that as many as one third of UK professionals are likely to consider risky behaviors that endanger or undermine data protection.
The results suggest a general lack of awareness of basic data protection policies and worrying behaviors such as snooping on sensitive personal information about customers (21% said that they would) and sharing work login details with colleagues (39% do this, despite regular warnings about protecting passwords).
This is more pronounced in younger employees; the younger Millennial generation is sometimes twice as likely to be more cavalier with their access habits. For example, 30% of the 18 to 24 years old respondents in the survey said they would snoop on sensitive customer data at work, compared to only 12% of the 45 to 54 year-old employees.
“The results point to a worrying lack of understanding of the importance of adhering to strict data protection guidelines,” said Chris Zannetos, CEO and founder of Courion, in a statement. “As organizations are opening their networks to an increasing number of external users and employees, ensuring tougher controls on how access to sensitive data is granted, monitored and controlled is vital to preventing security breaches.”
The research also revealed that men are more reckless than women when it comes to breaching their employer’s data protection policies. Male employees are twice more likely to access the database of an old employer if they still have access rights, and more likely to pass on confidential information for money or if they feel they’ve been treated unfairly (36% men vs. 21% women).
About 30% of employees would pass on confidential information about their employer if they suspected they were involved in illegal activity. And a third (33%) of UK professionals would consider accessing a previous employer’s data with an old password to help them with a new job.
Another significant finding has to do with the perception of cyber-attackers. While the majority of the respondents recognize that hackers are criminals, one in five believe hackers do a worthwhile job by exposing security defects that should have been fixed by organizations. In fact, 27% of UK professionals believe that the Morrisons employee was right to steal payroll data in the security breach that took place in March this year.
Notably, again the younger generation over-indexes: it holds this view more than their older counterparts, with a quarter of 18–24 respondents supporting this view.
The research was conducted by OnePoll and based on surveying 1000 UK employees who have access to customer data at work.