Even though the vast majority of UK organizations shifted to fully remote working throughout 2020, barely a third of them offered their users any specific training on how to work from home safely and securely, according to the recently published 2021 edition of Proofpoint’s annual State of the Phish report.
This year’s report is based on an analysis of a survey of 600 security professionals in the UK, Australia, France, Germany, Japan, Spain, and the US; a third-party study of 3,500 working adults in the same countries; and data gleaned from 60 million simulated phishing attacks Proofpoint sent to its customers and 15 million user-reported incidents.
“The findings related to remote working situations in the UK are eye-opening,” said Adenike Cosgrove, Proofpoint cyber security strategist, international. “Nearly all the UK infosec professionals we surveyed said they supported a new, remote working model for at least half of their organization’s workers last year. And yet, just over a third of these respondents said workers were trained about security practices related to working from home.
“At the same time, more than half of UK workers say they allow their friends and family to access work-issued devices to do things like shop online and play games. These gaps represent a significant risk and reinforce the need for security awareness training initiatives that are tailored to the remote workforce.”
Alongside the notable failure to provide adequate security training, the UK data shows a tendency among British organizations to operate a consequence model, meaning there are real-world consequences for users who repeatedly breach their employers’ security by falling for actual or simulated phishing attacks.