Around 24% of employees have never had any cybersecurity training, according to a new study by NordLocker. Employees often get the blame for phishing attacks, ransomware attacks, and malware infections, but respondents feel the organisations should be accountable.

The survey also reveals that a significant 54% of companies have encountered a cybersecurity incident within the past 12 months. These incidents encompass a wide range of security breaches, including phishing attacks, data breaches resulting from third-party vendor hacks, malware infections through malicious email attachments, and various other forms of cyber threats.

The marketing industry has emerged as the most vulnerable to cybersecurity issues, particularly in relation to data breaches stemming from compromises within their network of third-party vendors.

Other findings from the study include:

* About 25% of respondents wouldn’t know what to do in case of a cyberattack.

* Only half of the companies use encryption.

* Approximately 40% of companies have no dedicated person for cybersecurity incidents; and

* About 39% of respondents have sent an email to the wrong person at some point in time.

NordLocker research indicates that over 30% of respondents admit to storing their personal information on their work computers. While the percentage of individuals using work devices for personal purposes is relatively lower at 22%, this number still raises concerns and paints a worrisome picture.

“Considering that one in five people utilize their work computers for personal tasks or to store personal data, the implications become more significant. This highlights the potential risks and security vulnerabilities associated with employees combining personal and work-related activities on company devices,” says Aivaras Vencevicius, head of product for NordLocker.

Vencevicius emphasises that the practice of using work computers for personal purposes can have a significant impact on the overall security of company data, particularly when faced with threats like ransomware attacks. Hackers may exploit the personal information stored on these devices to manipulate employees into granting access to sensitive company resources.

The survey also reveals that 36% of respondents express a high level of concern regarding their own privacy when using their work computers. When questioned about the perceived threat of personal information leaks, an overwhelming 61% confirmed that they would view it as a serious and significant risk.

Survey results indicate a trend among respondents, with 42% admitting to reusing passwords for both their home and work accounts. This behaviour can be attributed to the fact that only 41% of participants claim to remember their passwords, leading them to opt for convenience over security by using the same passwords across multiple applications and systems.

Regarding password change frequency, respondents reported doing so once a year (11%), once every six months (26%), or once a quarter (39%). However, it remains unclear whether these changed passwords are genuinely unique, robust, and difficult to crack or if they are simply variations of previously used passwords.

An alarming discovery was that nearly 40% of respondents store their passwords in an open file on their computer or in a physical notebook. While some individuals use browser-based (27%) or third-party (28%) password managers a significant portion still opt for less secure storage methods for their passwords.

The findings shed light on the concerning state of data security practices among business professionals. While a portion of employees may employ measures such as encryption, password managers, or encrypted cloud storage platforms to safeguard company data, there remains a substantial number who jeopardise the security of their organisation by occasionally engaging in irresponsible behaviour.

These results highlight the urgent need for organizations to prioritize comprehensive training programs and establish clear guidelines regarding data security protocols.

Vencevicius says that by instilling a culture of responsibility and accountability, businesses can mitigate the risks associated with lax data security habits and foster a more secure working environment. It is imperative for employees to understand the potential consequences of their actions and actively adopt best practices to ensure the protection of sensitive company information.