- New research from Menlo Security reveals that 80% of workers in the U.S. and U.K. are concerned about personal data being stolen while online shopping for holidays
Research launched by Menlo Security, a leader in cloud security, reveals increased cybersecurity risks posed to employees and organizations during the 2021 holiday shopping season. The new research which surveyed 2,000 employed people in the United States and the United Kingdom – found that while employees are concerned about threats and are taking some measures to mitigate them, they often have false confidence in their security posture.
“Workers are becoming increasingly aware of the threats that loom while browsing the web, however they have a false sense of security about the level of protection they have when using corporate devices. As a result, they are unintentionally exposing their corporate networks to a slew of vulnerabilities”
There are now more threats to corporate devices and networks than ever as hybrid work models blur the boundaries between work and home. More than half of respondents (56% U.S.; 53% U.K.) reported performing non-work-related tasks such as online shopping on company devices. Furthermore, the survey found that 65% of people in the U.S. (63% U.K.) are doing more online holiday shopping in 2021 compared to previous years, and nearly half of respondents (48% U.S.; 45% U.K.), reported shopping for gifts this holiday season on a work-issued device such as a laptop or mobile phone.
HR Technology News: UHSM Health Share Leads KidWorks’ New Program That Encourages Healthy Conversations Around Faith
Workers are also noticing a rise in cyber threats this holiday season, with 58% of respondents in the U.S. (48% U.K.) observing an increase in scams and fraudulent messages, exemplifying that threats are rampant worldwide. This is worrying many people, as the vast majority of respondents (80% U.S. & U.K.) report being somewhat to very concerned about their personal data being stolen while online shopping.
However, despite workers’ recognition and concern of cyber threats, 60% of people (65% U.K.) still believe they’re secure from cyberthreats if they’re using a company device.
“Workers are becoming increasingly aware of the threats that loom while browsing the web, however they have a false sense of security about the level of protection they have when using corporate devices. As a result, they are unintentionally exposing their corporate networks to a slew of vulnerabilities,” said Mark Guntrip, senior director, cybersecurity strategy at Menlo Security. “More employees are using company-issued devices for not only work, but also personal tasks like shopping and banking, which is putting entire networks at risk of being breached. To mitigate this risky behavior, organizations must make it a priority to adopt a Zero Trust security approach to prevent cyberattacks before they happen and ensure that they’re protected if they do fall victim to bad actors.”
Workers depend on laptops, mobile devices, and the web to conduct work no matter where they’re located and many of these tasks are being done in the browser. The Menlo Security survey found that 76% of people (70% U.K.) spend one or more hours in a browser each day conducting work tasks. An industry report from Forrester and Google found that business users spend 75% of their workday either working in a web browser or attending virtual meetings which is in turn making them susceptible to hackers who lurk on the web.
HR Technology News: Concentra Analytics Adds Strategic Workforce Planning to Its Portfolio of Software Solutions With Acquisition of Dynaplan
The research also shows that:
- Employees are aware of potential threats: Out of various online threats, malware is the most recognized in both the U.S. and U.K. (mentioned by 76% of U.S. respondents & 81% in the U.K.). This was followed by ransomware, with 61% of U.S. & U.K. respondents reporting Organizations they are aware of this threat; credential phishing at 40% U.S. & 45% U.K.; and HTML smuggling at 19% U.S. & 16% U.K. A total of 16% of respondents (12% U.K.) were not familiar with any of these cyber-attack methods.
- Employees are taking some measures to protect themselves: Strong passwords were the most popular protective measure reported by respondents globally (75% U.S; 71% U.K.), and 58% of people (59% U.K.) reported they are using anti-virus software to protect themselves when shopping online. Other protective measures include shopping only on websites of familiar retailers (55% U.S. & U.K.), confirming that URLs/emails do not have suspicious characters (43% U.S.; 37% U.K.), checking for the lock next to a URL (40% U.S.; 46% U.K.), and having a dedicated card for online shopping (28% U.S.; 20% U.K.). Only 4% (3% U.K) claim that they do not take any of these protective measures while shopping online.
- Generational trends impact shopping habits: The youngest Organizations workers (18-24 years old) most often reported an increase in holiday shopping this season (76% U.S.; 79% U.K.). There was a lower percentage for each subsequent age group, with 68% (71% U.K.) for those 35-44, and only 40% (39% U.K.) for those over 65 years old. Younger generations may also be more attuned to cyber-threats, with younger groups more often reporting they have noticed an increase in scams/fraudulent messages.
Menlo Private Access
Menlo Security has a clientless-first approach to implementing Zero Trust Network Access, enabling organizations to secure access to applications from all devices – including managed, unmanaged, and mobile devices. This approach minimizes the workload on IT and security for deployment, while maximizing the security posture of the company. The clientless-first approach can be augmented with a client for use cases that specifically require client-based access.
Unlike many ZTNA solutions that cannot monitor traffic being sent and received between an end user and a controlled application, Menlo Private Access ensures that security policy is always enforced by remaining inline between the end user and protected applications; utilizing our Elastic Isolation Core as a control point to prevent sensitive data loss and stop potential malware from reaching the endpoint.