One in five (20%) UK employees have downloaded commercially sensitive or confidential company files on a personal device whilst working from home, a new study from gadget insurance firm Protect Your Bubble has found. What is more, of these respondents, 40% admitted that there was either no password protection or up-to-date security installed on these devices, which include desktops, laptops, tablets or smartphones. A further 7% had neither.
The survey of 2000 UK workers across a range of industries examined employees’ experiences during a prolonged period of remote working as a result of COVID-19 lockdown measures. A number of other studies this year have also highlighted that insecure behaviors are prevalent amongst staff working from home, putting organizations at higher risk of cyber-attack.
The new research also revealed that younger employees are more likely to engage in poor cybersecurity practices, with almost 30% of respondents under the age of 24 acknowledging that they had used personal devices for work purposes during the last six months. Of these, 50% said they did not have either password protection or security software installed on such devices.
Older employees were found to have a more disciplined approach to cybersecurity, with the rate of work from home staff handling company data on their personal devices reducing by age, to under 8% for those aged 45-54 and for over 55s.
The sectors which had the worst records for remote staff downloading sensitive or confidential company documents onto personal devices during lockdown were HR (22%), IT and telecoms (21.4%) and finance (21.4%).
A particularly concerning finding was that healthcare had the highest proportion of employees downloading this type of information onto devices with neither password protection or security software installed, reaching almost 20%. This is despite this sector becoming an increasingly lucrative target for malicious actors amid the global pandemic.
James Brown, director at Protect Your Bubble, commented: “It’s clear from the survey responses that many UK businesses need to address their cybersecurity vulnerabilities and adapt their protocols in light of more employees working remotely.
“Along with more thorough staff training and the issuing of company-owned devices, insurance is also key to make sure employees can remain productive while working remotely in the case of loss, theft or accident.”