Three in every five (59%) office workers in Australia and Singapore don’t believe that using their work email for personal activity is a security risk to their employer, according to research from KnowBe4.
Conducted online on December 2-7, 2021, the study covered 1,045 office workers and 204 Australian IT decision makers in Australia, 1,012 office workers and 200 IT decision makers in Singapore.
The global provider of security awareness training also found that less than two in five (39%) employees say they always report suspicious emails and SMSs to the IT team responsible for cyber security.
More than half (51%) say they engage with suspicious emails and SMSs. Almost half of surveyed office workers (46%) say they are not confident in identifying which emails are legitimate and which are scams, and 48% feel the same way about identifying SMSs.
However, when tested, that number fell even more with only 3% able to correctly identify all the real and scam emails and SMSs.
“The obvious first issue with this is that if office workers are unable to identify scam emails and SMS messages then they are at significant risk of getting phished or smished, risking both their security and that of their employer,” said Jacqueline Jayne, security awareness advocate for APAC at KnowBe4.
Jayne noted that Australians lost a record $323 million to scams in 2021, an increase of 84% from the previous year. Meanwhile, 790 individuals in Singapore fell prey to the recent OCBC smishing scam with a total loss amount of S$13.7 million.
The study also found that more than one in 10 respondents admit to using their work phone (14%) and their work email address (11%) for personal activities, such as shopping online. More than one in three (34%) surveyed office workers admit to using the same password for more than one account.
Jayne said that when this happens, employees are much more likely to fall victim of a phishing attack that uses a hook such as delivery delays to entice the victim to click through.
“Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam – if you know you never shop online using your work email address then you know that email from Amazon can’t be real,” she said.