Mimecast Research: Half of Workers Admit to Opening Emails They Considered Suspicious
Mimecast Limited (NASDAQ: MIME) released research indicating that traditional awareness training has minimal effect on enhancing organizational security. Over 1,000 global respondents were surveyed, revealing that 73% use company devices for personal activities, with almost half admitting to engaging with suspicious emails. Despite 96% awareness of potential threats, actual safe behavior is lacking. The younger workforce is notably at risk, with 60% of those aged 16-24 opening dubious emails. This underscores the need for more effective training strategies to reduce cyber risks.
- 96% of respondents claim awareness of email threats.
- Mimecast's training shows 5.2 times reduction in link clicks among trained users.
- 73% of employees use company devices for personal matters, increasing security risks.
- 45% of respondents admitted to opening suspicious emails.
- 60% of respondents from the US and 61% from UAE opened emails they considered suspicious despite training.
‘Check the Box’ Awareness Training has Little Impact on an Organization’s Security Posture
LEXINGTON, Mass., Oct. 27, 2020 (GLOBE NEWSWIRE) -- Mimecast Limited (NASDAQ: MIME), a leading email security and cyber resilience company, today released new research which highlights the risky behavior of employees using company-issued devices. More than 1,000 respondents in countries throughout the globe were asked about their use of work devices for personal activities and how aware they are of today’s cyber risks. The results highlighted the need for better awareness training, as people are clicking on links or opening suspicious emails despite having been trained.
Earlier this year, an urgent request for IT teams across the globe was to ensure the efficient issuance of laptops and other computing devices to employees, as much of the workforce started working remote due to the novel coronavirus pandemic (COVID-19). A key priority for IT professionals was to then ensure their IT and security policies were ready for the rush to remote work.
The Blurring of Personal and Professional Life
Mimecast’s research found that
Awareness Training Doesn’t Always Mean Correct Behavior
Encouragingly,
“This research shows that while there is a lot of awareness training offered, most of training content and frequency is completely ineffective at winning the hearts and minds of employees to reduce today’s cyber security risks,” said Josh Douglas, vice president of threat intelligence. “Better training is crucial to avoid putting any organization at risk. Employees need to be engaged, and trainings need to be short, visual, relevant and include humour to make the message resonate. In fact, Mimecast has found that end-users who have taken Mimecast Awareness Training are 5.2 times less likely to click on dangerous links. Awareness training can’t be just another check-the-box activity if you want a security conscious organization.”
The Younger Generation Can Be an Organization’s Greatest Risk
Despite being the most tech savvy generation, younger workers may be putting organizations at greater risk. Surprisingly almost 60 percent of the 16-24 age group admitted to opening emails even though they looked suspicious. This group is also more guilty of blurring the lines between their business and personal usage of these devices. Seventy-nine percent of the 16-24 age group reported using their issued devices for personal use, while only
“Security professionals need to ensure their organization isn’t growing more exposed as threats evolve to better target the unsuspecting,” commented Douglas. “With everyone’s home becoming their new office, classroom and place of residence, it’s not really a surprise that employees are using their company-issued devices for personal use. However, this is also a big opportunity for threat actors to target victims in new ways. We’ve seen attacks become more aggressive and the attack surface has expanded due to the new ‘WFH’ or hybrid work environments.”
Respondents averaged 1.9 hours of personal activity on their work devices a day, with almost a quarter (
The research also revealed how habits differ between males and females. Seventy-eight percent of men reported using their corporate device for personal business versus
Methodology
Data was collected by Censuswide in September 2020 with more than 1,000 respondents from organizations in the United Kingdom, United States (US), Australia, South Africa, Netherlands, Germany, Canada and United Arab Emirates (UAE). Organizations included have greater than 100 employees and currently have a company-issued mobile device, laptop or computer for work.
Download the full Company-Issued Computers: What are Employees Really Doing with Them? eBook.
Mimecast: Relentless protection. Resilient world.™
Mimecast (NASDAQ: MIME) was born in 2003 with a focus on delivering relentless protection. Each day, we take on cyber disruption for our tens of thousands of customers around the globe; always putting them first, and never giving up on tackling their biggest security challenges together. We are the company that built an intentional and scalable design ideology that solves the number one cyberattack vector – email. We continuously invest to thoughtfully integrate brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast is here to help protect large and small organizations from malicious activity, human error and technology failure; and to lead the movement toward building a more resilient world. Learn more about us at www.mimecast.com.
Mimecast Social Media Resources
LinkedIn: Mimecast
Facebook: Mimecast
Twitter: @Mimecast
Blog: Cyber Resilience Insights
Press Contact
Alison Raymond Walsh
Press@Mimecast.com
617-393-7126
Investor Contact
Robert Sanders
Investors@Mimecast.com
617-393-7074
FAQ
What does the Mimecast research reveal about employee cyber behavior?
How many respondents use company devices for personal activities?
What percentage of younger employees open suspicious emails?
How effective is Mimecast's awareness training?