bloomicon - stock.adobe.com
End-users failing to protect themselves online
Remote workers and stuck-at-home consumers are taking silly risks with their security during the coronavirus pandemic, according to a report
The UK’s new army of remote workers are failing to take the necessary precautions to protect their online identity, prioritising convenience and speed of access to online services over their personal security, risking repercussions for their employers.
This is the headline finding of a research study of 4,000 people in the UK and US, which was conducted by pollsters at YouGov on behalf of Callsign, an identity and authorisation specialist. It found worrying levels of overconfidence in the security of people’s credentials – 77% believed their banking passwords were secure, 74% said the same about their online shopping accounts, and 71% about their work network logins.
Ahead of World Password Day on 7 May, Callsign said this went some way to explaining why 52% of online shoppers said that they had no plans to update their passwords, a figure that rises to 54% of remote workers and 55% of online banking customers. However, in what may be a relief to CISOs, the study also found that people were a little more likely to update their work network logons – probably because of IT systems taking the time to remind them to do so every so often.
Amir Nooriala, chief commercial officer at Callsign, said some of the responsibility for addressing this problem must rest with banks, employers and retailers.
“With fraud escalating at a staggering rate, businesses cannot afford to sit back and watch,” he said. “Consumers have enough to worry about regarding the pandemic – their security shouldn’t be one of them. As more and more people shift their lives online, businesses need to take responsibility while encouraging customers and employees to prioritise personal security – without adding in extra cumbersome identity checks.
“Companies must use technology that allow consumers to log in without having to deal with pesky one-time passwords via text messages or long forgotten security questions which could result in them switching provider. With businesses on the brink, they cannot afford to lose customers that way. Instead, they need to make identification and authentication as safe and easy as possible.”
Six weeks after the UK government imposed a national lockdown, the research also highlighted that nearly two-thirds of remote workers were struggling with access to business networks and systems, and a slightly smaller number of online shoppers, resulting in lost man-hours for employers, and time wasted calling retailer customer service teams to resolve issues.
Read more about identity and access management
- UK National Cyber Security Centre and US Cybersecurity and Infrastructure Security Agency say they are seeing large-scale password-spraying campaigns targeting the healthcare sector.
- Find out what CIOs and CISOs need to know to enable their end-users to work remotely and stay secure during the Covid-19 coronavirus crisis, and learn how users can help themselves.
- Videoconferencing apps such as Zoom and Cisco’s WebEx are being targeted by cyber criminals trying to steal users’ personal data.
Related to this, Callsign’s study also identified little patience among consumers for poor online user experiences. Within the past month, one-fifth said they had switched well-used brands for reasons such as complex log-in processes. Consumers also tended to be indifferent to risk – when asked if the pandemic and associated increases in fraud influenced them to use banks or shops with more secure measures, 78% of Americans and 85% of Brits said “no” or “I don’t know”.
The survey also found that one in five UK consumers would overlook online security concerns linked to the use of third-party online merchants if they were buying goods perceived to be in short supply, such as flour or toilet paper.
