63 per cent of British workers do not realise that unauthorised access to an email account without the owner’s permission is a criminal offence, according to a new study from Centrify, a leading provider of cloud-ready Zero Trust Privilege to secure modern enterprises.
This news comes just a few months prior to the 30-year anniversary of the Computer Misuse Act – a piece of law that deals with the crime of accessing or modifying data stored on a computer without authorisation to do so. As it stands, the lowest-level of penalty if you are found guilty of gaining access to a computer without permission is up to two-years in prison and a £5,000 fine.
Rather worryingly, 69 per cent of those surveyed revealed that they do not have confidence in their security processes when it comes to protecting their data. As a result, almost two-thirds (63 per cent) of workers refuse to change their passwords when prompted to by an app or their company. At the same time, 27 per cent use the same password for multiple accounts, putting both their personal life and their professional security at risk.
The survey of 2,000 fulltime UK workers in professional services, conducted by independent survey company Censuswide, also found that one in 20 workers have admitted to logging into their friend’s Facebook without permission. A further one in 25 admit to having hacked-in to a colleague’s email account without permission.
Findings also included: 14 per cent do not use multi-factor authentication for apps or services unless forced to do so, and 14 per cent keep their passwords in a note book or on their desk – putting their companies’ data at risk of hackers or even colleagues with malicious intent.
Andy Heather, VP, Centrify comments:
“Cyber attacks can have a devastating impact on a company or individual and it is important that workers understand how seriously instances of unauthorised access to someone else’s computer will be taken.
“At the same time, workers must ensure that they take the necessary precautions in ensuring that their own passwords can not be guessed, stolen or obtained by any of their peers, and organisations must adopt a zero-trust approach to further reduce the risk of malicious parties taking advantage of their colleagues log-in credential and their company’s data.”
Donal Blaney, cyber law specialist at Legal 500 ranked firm, Griffin Law comments:
“Business owners and managers need to get their acts together. Ignorance of the law is no defence. Their systems are vulnerable to attack and if employees do things in the name of their bosses, that opens businesses and their owners or directors up to substantial liabilities. It’s time to wake up before it’s too late.”