Two thirds of UAE professionals admit opening suspicious emails

Mimecast Limited, an email security and cyber resilience company, has released new research which highlights the risky behaviour of employees using company-issued devices. More than 1,000 respondents in countries throughout the globe were asked about their use of work devices for personal activities and how aware they are of today’s cyber risks. The results highlighted the need for better awareness training, as people are clicking on links or opening suspicious emails despite having been trained.

Earlier this year, an urgent request for IT teams across the globe was to ensure the efficient issuance of laptops and other computing devices to employees, as much of the workforce started working remotely due to the novel coronavirus pandemic (COVID-19). A key priority for IT professionals was to then ensure their IT and security policies were ready for the rush to remote work.

The blurring of personal and professional Life

Mimecast’s research found that in the UAE, 87% of respondents extensively use their company-issued device for personal matters, with two-thirds (66%) admitting to an increase in frequency since starting to work remote. The most common activities were checking personal email (57%), carrying out financial transactions (59%) and video calls with friends and family (50%). According to the State of Email Security 2020 report, personal email and browsing the web/shopping online were already two areas of major concern for IT professionals. In the Middle East, 66% of respondents said there was a risk to checking personal email as the cause of a serious security mistake and 65% thought surfing the web or online shopping could likely cause an incident.

Awareness training doesn’t always mean correct behaviour

Encouragingly, all of the respondents in the UAE (100%) claim to be aware that links in email, on social media sites and on websites can potentially infect their devices. 81% have even received special cybersecurity awareness training related to working from home during the pandemic. However, this doesn’t always translate into putting this knowledge into practice. The research highlights themes of a strong disconnect in certain countries, including the UAE. Despite the majority of respondents stating that they’ve had special awareness training, 61% still opened emails they considered to be suspicious. Meanwhile, 50% of the respondents admitted to not reporting suspicious emails to their IT or security teams.

Email awareness

“This research shows that while there is a lot of awareness training offered, most of the training content and frequency is completely ineffective at winning the hearts and minds of employees to reduce today’s cybersecurity risks,” said Josh Douglas, Vice President of Threat Intelligence. “Better training is crucial to avoid putting any organisation at risk. Employees need to be engaged and trainings need to be short, visual, relevant and include humour to make the message resonate. In fact, Mimecast has found that end users who have taken Mimecast Awareness Training are 5.2 times less likely to click on dangerous links. Awareness training can’t be just another check-the-box activity if you want a security conscious organisation.”

Download the full Company-Issued Computers: What are Employees Really Doing with Them? report.