Employees’ tech habits pose a risk to APAC businesses 

Employees’ tech habits pose a risk to APAC businesses 

More than half engage with suspicious emails and SMSs, while only 3% can correctly identify which emails and SMSs are legitimate or scams.  

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has announced new research which has found more than half of APAC office workers (59%) don’t believe using their work email for personal activity is a security risk to their employer.

Furthermore, less than four in 10 (39%) say they always report suspicious emails and SMSs to the IT team responsible for cybersecurity. More than half (51%) say they engage with suspicious emails and SMSs.

Almost half of APAC office workers (46%) say they are not confident in identifying which emails are legitimate and which are scams, and 48% feel the same way about identifying SMSs. However, when tested, that number fell even more with only 3% able to correctly identify all the real and scam emails and SMSs. 

Jacqueline Jayne, Security Awareness Advocate for APAC at KnowBe4, said: “The obvious first issue with this is that if APAC office workers are unable to identify scam emails and SMS messages then they are at significant risk of getting phished or smished, risking both their security and that of their employer.

“According to the ACCC, Australians lost a record AU$323 million to scams in 2021 (up a massive 84% from the previous year). Meanwhile, 790 Singaporean victims fell prey to the recent OCBC smishing scam with a total loss amount of SGD$13.7 million, so the potential cost to APAC businesses is huge.” 

In addition, more than one in 10 admit to using their work phone (14%) and their work email address (11%) for personal activities and more than one in three (34%) APAC office workers admit to using the same password for more than one account. 

Jayne continues: “When employees are using their work email address for personal activities such as online shopping, they are much more likely to fall victim of a phishing attack that uses a hook such as delivery delays to entice the victim to click through.

“Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam – if you know you never shop online using your work email address then you know that email from Amazon can’t be real.” 

Browse our latest issue

Intelligent CISO

View Magazine Archive