Lack of cybersecurity training is leaving businesses at risk

News
By Sead Fadilpašić
published

Employees are constantly bombarded with phishing

A man's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
(Image credit: Shutterstock / Thapana_Studio)

Businesses are putting themselves at risk of all kinds of cyber-attacks due to poor practices when it comes to educating and training the workforce.

A new report from Yubico, found less than half (42%) of UK businesses it surveyed held mandatory, frequent, cybersecurity training. 

There are many things employees could be taught, which would improve the cybersecurity posture of organizations, the report further suggested. For example, roughly half (47%) often write down, or share their passwords - which is one of the most common mistakes when it comes to safeguarding a password. 

Resetting the password 

Elsewhere, the report found that many workers (33%) allow other people to use their work-issued device, while more than half (58%) use personal devices for work. 

A similar percentage (49%) do vice-versa, as well, by using a work-issued device for personal use, which is another cybersecurity red flag. Finally, half (48%) have been exposed to a cyberattack such as phishing, without reporting the incident to their IT and cybersecurity teams. 

Even when an employee gets exposed to a cyberattack, their organization does very little to amend the issue. “Very few” companies implemented phishing-resistant cybersecurity methods in response to being targeted, a third (28%) simply had their passwords reset, and just a quarter (28%) were made to attend cybersecurity training. 

“Cyber attacks, and how to prevent them, should be top of mind for every organization. However, our research reveals a remarkable disparity between the risks of cyber-attacks and businesses’ attitudes toward them,” commented Niall McConachie, regional director (UK & Ireland) at Yubico.

Read more

> What is phishing and how dangerous is it?

> Everything you need to know about phishing

> Here are the best endpoint protection services right now 

For McConachie, businesses should deploy multi-factor authentication (MFA) as soon as possible, and consider FIDO2 security keys. The latter “have been proven to be the most effective phishing-resistant option for business-wide cybersecurity”, he says. 

“By removing the reliance on passwords, MFA and strong 2FA are more user-friendly and can be used for both personal and professional data security. This is especially important as cyber-attacks are not limited to companies but can directly target customers and employees too.”

One of the most used-used passwords - “123456” - is still in use today, despite being known by virtually every cybercriminal out there, the report concluded.

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.