Women are better than men at protecting their work and private data, new research has revealed.
The study, which examined the online behaviour of UK employees, discovered how vulnerable organisations are to cyber threats posed by social engineering, which sees hackers use stolen personal information to attack corporate networks.
Overall, 54% of respondents said they would connect with strangers on social media and 56% had not set up access controls to their social media.
But it was middle-aged men who came off worst in the survey, with women more aware of cyber threats. More than half of the women surveyed (52%) had set up privacy settings on their social profiles, compared to just 36% of men.
However, while females are more diligent about their privacy on social media sites, the survey did find they may still be vulnerable – with 12% using pet names to generate online passwords, compared to just 5% of male employees.
Researchers also revealed a generational gap in employees’ security savviness. The majority of the 18 to 24 year olds quizzed (62%) had taken precautions over who can access their social media data on mobile apps by checking identities of before connecting.
However, the same respondents tended to share more work information on social media, while only 33% of 45-to-54-year-old respondents said they check requests before accepting invitations to connect.
In recent cyber attacks, basic information has been used to reset social media passwords, which then provides hackers access to sensitive information that can damage brand reputations and compromise valuable business assets.
Surprisingly, 18% of respondents said they have never had IT security training. And of the people who had been trained, just 10% received regular training.
Although social engineering cyber attacks are becoming more complex, just 6% of employees in the study had received training and guidance on phishing attacks – a common tactic.
“This research shows how employees can be a gateway in to corporate systems,” said Hugh Thompson, chief technical officer and SVP at Blue Coat, which commissioned the research. “As they reveal more about themselves on social media, they become more ‘knowable’, which exposes them to higher risk of social engineering.
“As the seriousness and complexity of threats grows, businesses need to employ security measures, including training, that take into account the habits and behaviours of employees to better protect the enterprise. Security measures need to be seamless and tailored to enforce cyber-safe behaviour recognising that even the paranoid can be phished.”