Furloughed employees will return to work in the next few months and many will face a huge backlog of emails. In their eagerness to clear the logjam, employees face a heightened risk from phishing attacks as they prioritise speed over security.
That’s according to a Censuswide survey of 1,000 furloughed employees conducted on behalf of cybersecurity awareness training firm KnowBe4, which shows employees are likely to prioritise speed over security.
Almost nine million workers have been furloughed in the UK since March. From 1 July employers will have the choice to bring furloughed employees back to work part-time. The scheme will draw to a close completely by the end of October.
When returning to work, nearly half (47%) of furloughed employees said they will prioritise speed when sorting through mounting emails. Meanwhile, 38% of employees said they would take the time to filter emails for those that potentially contain harmful links and attachments.
On average, employees anticipate it will take an average of two days to clear the email backlog.
An overwhelming majority (89%) of furloughed employees said they felt able to correctly identify a phishing email. This is at odds with the high number of successful phishing attacks; 55% of firms said they had fallen victim to an attack in 2019, according to research by Proofpoint.
“These findings are concerning as KnowBe4’s research has demonstrated time and again that individuals are often overconfident in their abilities to spot a malicious email. In the most recent 2020 Benchmarking Report, it was found that almost 40% of untrained employees were likely to fall for a phishing email; a figure that continues to grow year on year,” said Javvad Malik, security awareness advocate at KnowBe4.
Two-thirds of respondents also conceded they had never been given phishing awareness training by their employer. And 48% said they were not worried about phishing emails because they felt it was the responsibility of the IT department.
Furloughed phishing risk compounds remote working security threats
While it is understandable that furloughed workers will want to make up for lost time and clear backlogs quickly, cybersecurity professionals fear that prioritising speed may compound the security risks that have been exacerbated by employees working remotely.
“For businesses seeking to maintain good cyber hygiene in the present environment, there is already a pressing need to ensure that the remote solution for an increasingly peripatetic workforce creates no additional opportunities for threat actors and the accompanying legal risks,” said Mark Deem, partner at multinational law firm Cooley LLP.
“This survey is a timely reminder that – whatever the strict legal position might be concerning whether furloughed staff should be working – businesses need to understand the actual online practices of its workforce, if it is to understand where legal and cyber vulnerabilities might arise.”