Skip to main content

Here's another reason to never open suspicious emails when working from home

Email overload
(Image credit: Shutterstock)

Workers around the world keep going against their cybersecurity training and put their employers at risk by opening suspicous emails on work devices, according to new research.

The study from cloud cybersecurity firm Mimecast asked 1,000 respondents about their use of work devices at home, finding 73% used company devices for personal matters, with two-thirds revealing that this had increased since they began working remotely. Individuals admitted that checking personal emails, conducting financial transactions and shopping online were among the most common activities.

Most businesses are unlikely to be fazed by employees using their company smartphones to conduct a bit of personal browsing from time to time as long as security protocols are followed. Unfortunately, Mimecast found that 45% of those surveyed had opened emails that they considered to be suspicious. The same percentage also did not report these emails to IT security personnel.

Blurring the lines

“This research puts a spotlight on the fact that while there’s a good amount of awareness training being offered, the type of training or the frequency is completely ineffective,” said Michael Madon, senior vice president of awareness training and threat intelligence at Mimecast. 

“With everyone’s home becoming their new office, classroom and place of residence, it’s not really a surprise that employees are using their company-issued devices for personal use. However, better training is crucial to avoid putting the company at risk. Employees need to be engaged, and trainings need to be short, visual, relevant and include humor to make the message resonate.”

The coronavirus pandemic has forced businesses to rapidly adopt remote working practices, naturally blurring the lines between personal and work behaviour online. 

Although many organizations are offering cyberthreat awareness training – 64% of respondents claimed to have received special cybersecurity awareness training related to working from home during the pandemic – it is vital that such training does not become just another box-ticking exercise.