T-Systems ), the corporate IT and cyber-security arm of Deutsche Telekom (Europe’s largest telecoms company), is warning organisations of the security risks associated with allowing employees to work while on their summer holiday.
Where employees absolutely must interrupt their summer vacation to email and work remotely, T-Systems says it is essential those employees have had recent cyber-security training, or they risk compromising business security and confidentiality.
Scott Cairns, the UK head of cyber security at T-Systems, said:
“Time away from our hectic work life should be treasured, not spoilt by an expectation we will respond to work emails and requests. Putting aside the impact on our families, this practice also creates a real cyber-security threat for organisations.
“Our research shows a third of employees use free Wi-Fi at locations such as those at airports, hotels, coffee shops and bars, despite these being unsecure and open to communication interception by cyber criminals. Couple this with the widespread practice of employees emailing documents to their private email on their own devices, where security is invariably lower, and you open your organisation to potential attacks.
“Our message to businesses for the holiday season is ‘let your employees enjoy an uninterrupted break’. Strongly discourage them from taking work on holiday, and make sure employees do not feel pressured to work when they should be taking time out.
“Where it is unavoidable, businesses should ensure there is training, and clear guidelines to be followed. This training is particularly important, as our research shows many employees are not knowledgeable on the multitude of ways their devices can be infected with viruses and malware… and those who thought they were ‘very knowledgeable’ frequently gave the wrong answer when questioned!”
Scott Cairns added: “We’ve already begun to see the financial impact these malware attacks have had on multinationals in 2017, including Reckitt Benckiser and Mondelez (the maker of Cadbury chocolate). Reckitt disclosed to the Financial Times this month that it expected sales would be hit by an estimated £110m this year as a direct result.
“Employees can be an easy scapegoat for poor corporate cyber-security practice, however many do not receive adequate training from their employer. Our research found that despite the pace at which cyber-attacks are evolving, 66% of respondents had received no up-to-date education within the past twelve months. Nearly 30% of respondents say they have never had cyber security education at any employer.
“Training your employees regularly on effective cyber-security practice is probably the single-most effective step organisations can undertake to dramatically reduce their risks of viruses, malware and other common forms of cyber-crime.”
T-Systems’ research was conducted by respected market research agency Censuswide into over 2,000 UK employees. Its findings include:
- Nearly a third of employees (31%) use free Wi-Fi hotspots, and nearly a quarter (24%) use them for work-related emails and documents. These are a big danger area as they are insecure and easy for hackers to clone (getting access to all email and web traffic, including any work documents and passwords)
- 28% of employees email work documents to and from their personal email, despite this creating numerous security problems.
- 10% use free USB charging points at airports and stations. These ports can be used to transfer viruses and malware to unsuspecting users
- The blame, however, cannot solely be placed on the employees, remarkably 28% of employees have never in their working career had any cyber security trainingto protect themselves and their employer, as you can see the threats are avoidable
Cyber-security training for all employees is particularly important as the dangers continue when employees come home from holiday. T-Systems’ research found that:
- 18%of employees admit to connecting their digital camera to their work computer to download photos. And don’t think that Wi-Fi and Bluetooth connections are safer, viruses and malware can just as easily transfer through wireless connections and then quickly spread through the organisation.
- 15% admit to connectingUSB sticks and memory cards that they share with their family members to their work computer. A sure way for viruses to quickly spread from home to business.
About T-Systems:
With a footprint in more than 20 countries, 43,700 employees, and external revenue of 7.9 billion euros (2016), T-Systems – Deutsche Telekom’s business customer division – is one of the world’s leading providers of digital services.
About T-Systems’ cyber-security research:
The research was conducted on behalf of T-Systems by accredited research agency Censuswide in May 2017, based on a representative panel of 2,050 full-time workers. Breakdowns of the research are available by region, business size, Male/Female and private/public sector.
About T-Systems: T-Systems company profile
T-Systems research – the key facts:
T-Systems research – the key facts:
Table 1 – Poor cyber security practice is common:
| I use my personal phone and / or PC / laptop for my work email | 31.60% |
| I email work documents to my personal email address | 27.90% |
| I use free Wi-Fi hot spots (in cafes, stations, etc) when using my personal phone and / or laptop for work (e.g. email, documents, etc) | 23.80% |
| I use my personal PC / laptop for work productivity (e.g. Word, PowerPoint etc) | 22.90% |
| I use free Wi-Fi hot spots (in cafes, stations, etc) when using my office phone / tablet / laptop for work (e.g. email, documents, etc) | 15% |
| I use USB charging points at airports / stations for my work laptop, tablet and / or phone | 9.80% |
| I use the same passwords at work as at home | 6.80% |
| I do at least one of the above | 66.40% |
Table 2 – Which of the following do you connect to the Desktop/ laptop computer that you use for work (whether you are in the office, your home, or elsewhere)?
| Type of device | Number of household with them |
| My mobile phone via a cable | 28.60% |
| Digital camera to download photos | 18.40% |
| Memory sticks and cards (also known as USB sticks) I share with other employees | 18% |
| Memory sticks and cards (also known as USB sticks) I share with people at home | 15.10% |
| Other electronic devices (e.g. Dictaphones) | 3.50% |
| None of the above | 45.50% |
| Table 3 – When was the last time you had cyber security training at your work? | ||||
| In the past 6 months, please specify in months | 8.40% | |||
| In the past 7-12months | 25.40% | |||
| In the past 13-24 months | 9.70% | |||
| Over 2 years ago | 7.80% | |||
| So long ago I can’t remember when | 5.70% | |||
| Never at my current employer (but had some at a previous employer) | 3.70% | |||
| Never at any employer | 28.40% | |||
| N/A I don’t use a Desktop, laptop or smartphone for work | 11.00% | |||
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.