UK workers exhibit poor security behaviours, report reveals

KnowBe4, a security awareness training platform, has released a new report detailing UK workers’ attitudes and behaviours towards security.

The Tapped out report (“tapped” being an acronym for tired, angry, pissed, pressed, emotional and distracted) looks into 6,000 workers’ habits: specifically, 2,007 full-time working from a remote location, 2,006 full-time working in a hybrid fashion, and 2,003 full-time working from the office.

It studied factors influencing cyber security behaviour, attitudes towards companies’ cyber security, the repercussions of multitasking, and the reasons and problems of external distractions.

Conducted by Censuswide on behalf of KnowBe4, the survey found that more than four in five workers do not always make security-conscious choices yet claim that there are specific times of day when they would be more likely to pay closer attention to cyber security. For instance, over 30% of all workers are more likely to make security-conscious decisions before lunch, rather than after lunch.

The report also found that 21% of full-time office workers do not feel responsible towards their company’s cyber security, as opposed to to 14% of remote or hybrid workers. The biggest factors influencing the poor security behaviours are multitasking and distractions. 

“With email apps easily accessible on our phones, it has become a bad habit among many of us to scroll through our unread messages while on our daily commute, on holiday or even at our local pub late on a Friday evening,” said Javvad Malik, lead security awareness advocate at KnowBe4.

“However, it’s in times like these that we are most likely to be distracted or emotional, and make a mistake – whether by sending off a poorly written email, cc’ing the wrong recipients or clicking on a phishing link. Security awareness training and simulated phishing can reinforce secure behaviours and encourage a strong security culture. Add to this a rise in remote and flexible working, which have seemingly sparked other notable trends, including blurring the lines between work and life.”

Some 47% of hybrid workers have said they have checked their work emails first thing in the morning while still asleep, with 44% of remote workers and 37% in-office workers doing the same. A fifth of all workers have said they have responded to work emails while on the toilet.

Moreover, 8% of those who work remotely and 7% in a hybrid setting are slightly more likely than those who are in the office full time (5%) to have responded to work emails when tipsy, drunk or high.

Almost two in five workers have clicked a link that they should not have when they were distracted, and a third said they had when stressed. Being in the right mindset and having mental clarity will dramatically reduce the chances of mistakes being made such as clicking phishing emails or malicious attachments, explains the report.

While each group – hybrid, remote or in-office – tends to experience different distractions during the workday, deliveries disturbing remote and hybrid workers more (almost a third, compared to 15% for those working in an office), they unanimously agreed that phone notifications and calls were the biggest disruption (39% remote, 45% for hybrid and in-office workers).

“While this survey highlights the changes in our working environment and how employee behaviours might be putting companies at greater risk of a cyber attack or incident, it also provides greater insight into when best to educate the workforce with the necessary security awareness to help them, and their organisations, make better decisions,” said Malik.