Following new research by T-Systems (www.t-systems.co.uk), the corporate IT and cyber security arm of Deutsche Telekom, (one of the world’s largest telecoms companies), is warning businesses and other organisations that when employees work from home, poor domestic cyber security is creating an open back door into their networks for hackers.
T-Systems is encouraging businesses to establish comprehensive training and procedures to prevent their security being unexpectedly, but avoidably, compromised causing widespread disruption for their customers, and a damaging loss of reputation.
Key findings from T-Systems’ research (conducted by a respected market research agency into over 2,000 UK employees) include:
- The new research reveals viruses, ransomware, and other malware are at epidemic proportions. Nearly a third of all UK households with a computer reported having suffered problems from malware or stolen passwords in the past 12 months.
- Poor home cyber-security practice amongst employees at home, and widespread device sharing, has created a huge and vulnerable back door for viruses and cyber criminals into businesses’ IT networks.
- The research found the typical UK household has seven smart-phones and computers, and there is widespread sharing of these and their passwords at home, including those also used for work. This exacerbates the likelihood of viruses spreading from family devices onto work email and files.
- The Internet of Things is fast becoming a reality with nearly 30% of working-age households now owning smart wi-fi enabled devices, such as Amazon Echo, Samsung Smart Hubs, security cameras and light bulbs – further extending the opportunities for domestic cyber security problems.
T-Systems expects the number of households with such devices to continue to increase dramatically over the next year, exacerbating the threat as such devices open a whole range of opportunities for cyber criminals and also for the cross-infection of devices at home by viruses.
- Many employers are leaving their employees ill-equipped to prevent cyber security problems at both work and home. 28% of employees report never having received cyber-security training from any employer. Some employers are alert to the danger, with a third of employees reporting having had training in the past 12 months.
Examples of widespread poor cyber-security practice by employees at home revealed in the research includes:
- Up to 17% of employees with computers have no anti-virus protection (as they either have no antivirus software or do not know if it updates), while 12 % use the same password on home and work devices and email.
- 28% of employees send work documents to and from their personal email account, and 32% use their personal phone or computer for work emails.
- Ultimately only 12 % of UK employees were consistently undertaking basic cyber security good practice at home, with 88% undertaking at least one risky activity.
T-Systems warns that the threat to businesses’ IT infrastructure from poor cyber security at home by employees is likely to get worse, and all organisations need to wake up to the need for good cyber-security awareness to be strengthened in all employees… including senior executives.
Scott Cairns, the Head of Cyber Security in the UK for T-Systems, said:
“There has rightly been a great deal of attention focussed on recent cyber-attacks on Parliament, and also high-profile ransomware that has exploited known weaknesses in Windows operating systems, such as WannaCry and Petya.
“Our research highlights the potential danger for organisations of all sizes can begin much closer to home. This originates through a combination of poor home cyber-security, the continued growth in the range and interconnection of smart devices, and the widespread practice of using personal devices for work one minute, and then personal use the next.
“Once one device at home picks up malware, it can easily spread to others on the network. Employees emailing work documents to and from home devices opens the door for malware to be spread throughout the organisation.
“This is particularly alarming for businesses, as our research found nearly a third of all employees have suffered problems at home from malware in the past 12 months. This can be on the very devices employees are regularly using for creation of work documents and email.”
Scott Cairns added: “It is easy to blame employees for this practice, but many do not receive adequate training from their employer, and many get none at all.”
T-Systems advice for businesses is:
- Ensure that all your employees get cyber security training, and that this includes advice on home cyber security problems and good practice.
- In particular, ensure cyber-security training is compulsory for all new employees as part of their induction.
- Continue this education on a regular basis through training and Q&As.
- Have a clear and realistic policy for security measures employees must take if they are to work at home or on their own devices.
- Make it easy for employees to seek help or advice should they believe they have suffered a cyber-attack.