New research finds 46% of Kiwi workers believe their workplace is vulnerable to a cyberattack
- 40% of Kiwi workers are concerned they will fall victim to a scam or phishing attempt on their work devices.
- Almost a third (29%) don’t know how to prevent themselves from falling victim to a phishing attempt at work.
- One in five (22%) admit to using non-approved software, apps or devices at work
- Just under half (42%) are worried about their personal information being stolen as part of a cyber attack on their workplace
Almost half of workers in New Zealand believe their workplace is vulnerable to a cyberattack, according to the latest Employee Sentiment Index by HR technology platform ELMO Software.
Even more worryingly, the survey of 500 Kiwi workers found just under a third of employees don’t know how to prevent themselves from falling victim to a phishing attack at work.
After a spate of high-profile hacks over recent years, almost half of workers are now worried about their personal information being stolen as part of a cyberattack on their workplace, the survey found.
But despite the lack of confidence among employees, less than half say their workplace offers training courses or education to help prevent an attack.
ELMO Software CEO Joseph Lyons says the survey findings should serve as a wake-up call for New Zealand’s business leaders.
“It’s alarming to see that a third of New Zealand’s workforce don’t feel equipped to stop themselves from being duped by a hacker at work, ” he says. “But what’s most concerning is the fact that half of businesses are overlooking one of the most crucial methods to prevent attacks – training their staff.
“Given the financial and reputational risks, not to mention the impact on employees’ data, businesses need to seriously consider whether they have the right technology and training in place to keep their organisations secure.
“Last year, we helped deliver cybersecurity training courses to over 15,000 employees across Australia and New Zealand. We’ve seen the appetite for these courses increase over recent years, but many businesses might still be overlooking the importance of regular training.”
The Index found that Baby Boomers are particularly concerned. More than half (53%) believe their workplace is vulnerable to a cyberattack, compared to just 23% of Gen Z.
But conversely, it’s Gen Z who are the least likely to know how to prevent a phishing attack, according to the respondents. Only 50% of Gen Z employees said they’d know how to spot a phishing attack, compared to 75% of Millennials and Gen X, and 65% of Baby Boomers.
Mid-sized business less likely to take preventative action
Almost two thirds of employees say their business has IT security measures in place such as firewalls or antivirus software and a further 55% have cybersecurity policies/protocols to help prevent an attack.
However, training courses/education are in place for only 43% of respondents and even fewer (25%) say their businesses use simulated phishing attacks to help test their knowledge.
The survey found that larger organisations (200+ employees) were more likely to employ all of the prevention methods respondents were surveyed about, but one of the most marked differences was in the number of businesses providing learning courses.
Only 30% of employees in businesses with less than 200 staff say their organisation provides staff with training, compared to 66% of workers at businesses with 200+ staff.
Lyons says: “Mid-sized business leaders might think they’re less of a target compared to bigger, well-known organisations. But falling into that trap could be leaving them exposed.
“Regardless of size, being targeted by an attack is a very real possibility and it’s something every C-suite leader needs to be thinking about.
“Cybersecurity is no longer the sole responsibility of IT departments, especially given the rise in attacks that target human vulnerability. HR leaders need to be working alongside their IT and Finance counterparts to develop continuous training and ensure the employee data they hold is kept secure.”
The rise of shadow IT
The survey findings also highlight a major challenge for businesses trying to mitigate the risk of an attack. One in five (22%) of employees admit to using apps, software or devices that haven’t been approved by their company.
Known as shadow IT, the temptation for workers to use software that hasn’t been vetted by their employers makes it impossible for a business to get a handle on their risks or take action in the event of an attack.
Carmen Nunez, ELMO’s Senior Information Security Manager, says having the right people, tools and organisational controls are all key to ensuring software has been vetted and approved.
“The risk of employees downloading unauthorised applications into a company’s corporate environment is very real,” she says. “Employees may be tempted to sign up for free trials and upload valuable company information without considering the risk.
“This type of behaviour can lead to malware and ransomware attacks, as well as other cyber threats. Imagine trying to determine the source of an attack if the IT department doesn’t have visibility across the company.
“Mitigating these risks requires an approach that spans people, processes and tools. Supplier security and employee education, as well as having the right tools to quickly detect and disable unauthorised applications, are at the core of our ISO 27001:2022 certification.”