According to the latest figures, more than one in four or some 8.9 million workers have now been furloughed in the UK. It means, among other things, that a staggering amount of email inboxes are going unchecked – becoming a source of anxiety for employees and even gathering potential threats daily. In fact, a study conducted by Censuswide on behalf of KnowBe4 examined the attitudes of the British furloughed workforce regarding anxiety or stress, as well as priorities when it came to their email inboxes. It found, first and foremost, that email anxiety is a big problem for furloughed workers as almost 60% of respondents admitted feeling anxious ‘always’, ‘often’ or ‘sometimes’ when thinking about their work inbox. It also found that the phishing emails in furloughed workers’ inboxes could be a potential dormant threat upon return to work.
Anxiety
First, let’s look at the cause for anxiety. The study, titled Furloughed Workers: Threats, Anxiety and Staying Away from Work, showed a range of reasons contributing to this anxiety, with the largest concern being that respondents were missing time-sensitive communications from colleagues and/or clients (50%). This was closely followed by the worry of an accumulation of emails that would need to be filtered upon return to work (49%). Indeed, respondents believed it would take an average of just over two days to sort through their emails once they return to work. Others feared falling behind on work (37%) and around 1 in 10 individuals were wary about losing their jobs entirely.
“Furloughed staff do not know what is happening at work, are uncertain what the impact of the current pandemic is on their employer, do not know when or if their employer will open premises again, and in many cases, do not know whether they will have a job to go back to,” explained Eleanor Deem – founder of face2faceHR, a provider of HR consultancy services to SMEs. “This level of anxiety increases a craving for information which makes avoiding looking at emails very difficult.”
Dormant Threats
The study also highlighted the ill-prepared nature of furloughed employees to tackle the dormant threat of phishing emails upon returning to work. Of the thousand furloughed respondents, 48% confessed to not feeling worried about phishing emails as they believed their “IT team should take care of them”.
The risks that an organisation may fall victim to a cyberattack are further exacerbated by a tendency among employees to prioritise speed over security. Almost half of respondents (47%) admitted that, when resuming work, their main priority would be to sort through emails as quickly as possible and return to business as usual. In contrast, only 38% would carefully filter through their emails and avoid clicking potentially fraudulent links or attachments.
“Though it is clear that tensions and anxieties over emails and keeping jobs is at an all-time high, we have witnessed cyber criminals take advantage of the chaos surrounding the pandemic and remote working to employ new social engineering tactics,” explained Stu Sjouwerman, CEO of KnowBe4. “Therefore, to hear that so many employees would prioritise speed over security is highly concerning, though not surprising. These inboxes are likely to be a minefield filled with phishing threats…One wrong click and an entire organisation risks being compromised.”
Remarkably, an overwhelming majority of respondents (79%) also believed themselves capable of correctly identifying a phishing email. This is in spite of a lack of security awareness training.
In fact, it would appear that cybersecurity has fallen by the wayside for many organisations – with two-thirds of respondents conceding that their employer had not offered any security awareness training course. Of those who did receive training, over half (53%) affirmed that it had been six months or more since the last session. Moreover, a mere 20% thought that their employer would offer a security awareness refresher course upon return to work.
“These findings are concerning as KnowBe4’s research has demonstrated time and again that individuals are often over-confident in their abilities to spot a malicious email. In the most recent 2020 Benchmarking Report, it was found that almost 40% of untrained employees were likely to fall for a phishing email; a figure that continues to grow year on year,” said Javvad Malik, Security Awareness Advocate at KnowBe4. “Without the necessary training, tied with a haste among employees to return to business as usual, organisations may very soon find themselves at the mercy of cybercriminals.”
Other key findings included:
- Healthcare (59%) and Finance (53%) employees were most reliant on IT teams. In contrast, HR and IT & Telecom employees were more security conscientious, with 83% and 69% respectively, recognising that spotting phishing emails was their own responsibility.
- Unsurprisingly, the more employees an organisation has, the more likely the respondent was offered training. Indeed, 47% of respondents from organisations of more than 500 employees were offered training compared to 19% of those from an organisation size of 1-9 employees.
“For businesses seeking to maintain good cyber hygiene in the present environment, there is already a pressing need to ensure that the remote solution for an increasingly peripatetic workforce creates no additional opportunities for threat actors and the accompanying legal risks,” adds Mark Deem, partner at Cooley LLP. “This survey is a timely reminder that – whatever the strict legal position might be concerning whether furloughed staff should be working – businesses need to understand the actual online practices of its workforce, if it is to understand where legal and cyber vulnerabilities might arise.”