You receive a strange email. It looks shady. You’re probably being phished – a hacker is attempting to gain access to your enterprise. They must want to hijack your user name, password or credit card number. You click on the email anyway?
That’s the case for the nearly 1 in 5 (19%) U.S. employees working in an office setting who admit they have opened an email at work they suspected to be fake or a phishing scam – without notifying the IT department – according to the results of a survey by Harris Interactive.
This ignorant and self-destructive behavior, which puts the entire enterprise in jeopardy, points to a critical need for organizations to better educate staffers who don’t understand the risks their actions can pose.
Want more evidence employees need better education? Nearly 1 in 4 (23%) office workers don’t understand why their employer makes them change passwords so often.
“These are otherwise intelligent people who, if informed about the potential consequences of their actions, would do the right thing,” said Chris Sullivan, vice president, advanced intelligence solutions at Courion, a leading authority in intelligent identity and access management (IAM). “Any employee may succumb to natural curiosity. Before curiosity kills the cat, organizations need to get their arms around this behavior. They need to educate their employees and use systems that eliminate risky activities.”
“It’s worrisome that despite years of software development and awareness-building, many organizations still lack control and insight into the growing access risk within their own walls,” said Sullivan.
The survey was conducted online within the United States by Harris Interactive on behalf of Courion between May 31 and June 4, 2013, among 2,084 adults ages 18 and older, among which 552 work in an office setting.