DMU research shows how workers' online behaviour is putting firms at risk

The extent that companies are being put at risk of cyber crime by staff who share passwords, log onto insecure sites at work or click on links in emails has been laid bare in a new poll.

INSET cyber story

Delegates at an event run by De Montfort University Leicester (DMU) were the first to hear results of a survey of more than 500 people from companies across Leicester, Leicestershire and the region.

Dr Lee Hadlington, cyber psychologist at DMU, carried out the work and revealed his preliminary findings for the first time to companies at his event for Leicester Business Festival. The festival, the biggest showcase for businesses across Leicester and Leicestershire, has been sponsored by Leicester Castle Business School.

The survey asked people about their own attitudes to cyber crime and how they behaved while online at work – for example, by bringing in their own USB sticks or using personal emails.

Among the findings were:

•    69% have the same password to log into multiple websites
•    33% brought their own USB sticks to plug in to work devices
•    27% shared their passwords with friends or colleagues
•    24% downloaded data from unsecure websites (eg streaming TV programmes)
•    72% clicked on links contained in emails they believed were from friends or colleagues  
•    98% said it was entirely the responsibility of the management to protect the company against cyber attacks

Dr Hadlington said he was shocked by the findings. He said: “I didn’t think that the data on risky online behaviours would be that bad.

“People are engaging in positive behaviours, such as installing the latest updates on their phones and keeping anti-virus software up to date, but something seems to happen when they walk through the company door, where they hand over all responsibilities to the company.

“It only needs one person responding to a spam email to put that company at risk.”

The survey involved 538 people from more than 500 companies. The majority of firms employed more than 250 people. The highest response rate came from 25-34 year olds.

DMU can analyse individual company staff to discover and runs training courses to make people more aware of ‘risky behaviours’ which could put security at risk. The university works with the Home Office and police to try to understand how and people behave online and what motivates their behaviours.

* Book onto a DMU Open Day
* DMU Psychology is top for teaching quality and satisfied students
* Heavy internet users more likely to make mistakes in daily life

As part of the event, digital forensics consultancy IntaForensics staged a demonstration showing how easy it was to hack into a company’s site.

Neil Campbell is from website company Silverdisc, of Northamptonshire, which founded the Northants Resilience Forum to help businesses in the county be more aware of the risks.

He said: “I thought the statistics were shocking in how high the numbers were – it shows how much is at risk. You would be surprised how easy it is to break into websites.”

Posted on Tuesday 8th November 2016

Search news archive

DMU open days
News target area image

DMU is a dynamic university, read about what we have been up to in our latest news section.

Events at DMU

At DMU there is always something to do or see, check out our events for yourself.

Mission and vision target area image
Mission and vision

Read about our mission and vision and how these create a supportive and exciting learning environment.