Twenty percent of Dutch people has clicked a suspicious link out of sheer curiosity, according to research conducted by NPM participation Conclusion among 1003 people in the Netherlands. People in their 30s are most likely to admit this: specifically, 27 percent of respondents in the age group between 30 and 39 years old, as determined by the IT and business transformation service provider. In addition, 22 per cent of Dutch people has witnessed a situation in which somebody overheard and remembered another person's password without their knowledge.
The research also shows that work and private lives often mix. More than a third of Dutch people (36 per cent) believes it is no problem to use private and work devices side by side. For young people between 16 and 29 years old, that percentage even rises to 48 per cent, in contrast to 24 per cent among the 60+ age group. According to Roel Gloudemans, Director of IT Risk & Compliance at Conclusion, this mixing results in organizations increasingly losing grip of their own data. “Private devices often lack central security, monitoring and encryption, allowing sensitive information to be more easily leaked or intercepted.”
Sharing confidential information through personal channels is another risk. Although 84 per cent of respondents believe that work documents or passwords should not be shared through WhatsApp or personal e-mail, still 16 per cent believe this is acceptable. Among young people, that share rises to 24 per cent. Saving company documentation in a private cloud like Google Drive or Dropbox is deemed acceptable by 28 per cent. Among young people between 16 and 29, this rises to 36 per cent.
Gloudemans emphasizes that such habits can have major consequences. “When documents or passwords are shared through WhatsApp or personal e-mail, you immediately lose control as an organization. Recent incidents, such as the data leak of billions of WhatsApp accounts, show just how vulnerable such platforms may be. Combine that with the storage of work files in private clouds without professional security, and you've created a perfect angle for cyber criminals. If we don't actively address such behaviour, organizations face unnecessary risks of data leaks, ransomware attacks and compliance lapses.”
