Cybersecurity: can umbrella contractors afford to be as complacent as client staff?
Complacent attitudes among employees towards cybersecurity are putting UK businesses more at risk.
In a survey of 1,500 UK employees, 40% feel that upholding cybersecurity best practices is not their responsibility. So why does more responsibility lie with limited company contractors and umbrella workers when accessing client systems?
Alarmingly, over a third (34%) of staff surveyed claimed to be unaware of what preventative measures their company has in place to prevent such an attack, despite 53% claiming they rely on the systems their employers have in place to keep them safe.
45% stated they felt unconcerned about a cyber-attack as their employers should ensure they have insurance in place to cover any related losses.
These findings emphasise the complacent attitudes employees have towards their role in keeping the workplace safe, said the report’s author, Superscript.
Insurance, including cybersecurity cover, can protect an IT contractor or consultant, for example, against the financial impact of a claim or legal proceedings, whether from a dissatisfied client or data leak. But in the case of umbrella company contractors are they left to sink or swim? This is something each umbrella company worker must ask their umbrella/payroll provider because they are effectively the umbrella’s employee.
Reputable umbrellas, which are harder to recognise of late, should offer contractors cyber cover as part of their monthly fees.
But with umbrella companies falling foul of ransomware attacks over the past 12 months, are they taking contractor protections with clients seriously enough or are they relying too much on what clients will have in place?
“It is important that businesses approach protection with a full 360° view,” said Cameron Shearer, Co-Founder & CEO at Superscript, the firm that conducted the survey.
“As a first step, businesses should be educating employees about the collective responsibility to cybersecurity and instil good habits. This is just as important as ensuring they have protective systems in place in case they are attacked, and insurance in place in case of a successful attack.”
Even with the adoption of more advanced cybersecurity measures including biometric, multi-factor and computer recognition authentication, one in five (21%) still believe passwords to be the most secure measure while more than a quarter (29%) prefer passwords due to their ease of use. In fact, as many as 40% viewed multi-factor authentication as an inconvenience.
This preference for convenience might explain common bad password habits identified by this study:
- 34% have changed secure and ‘strong’ workplace passwords to a weaker but more memorable one that does not meet best practice i.e., not long, complex or include symbols
- 31% have shared their workplace passwords with colleagues and people outside of work
- 30% only use two-three different passwords at work
- 15% only use one password at work
- 12% did not change their password when notified that it had been compromised
Jamie Akhtar, CEO and co-founder of CyberSmart believes now more than ever, businesses need to take a holistic approach to cybersecurity.
“It is no longer enough to rely solely on basic password practices. Rather, businesses and their employees must take on board other measures from regular security awareness training and implementing MFA, to updating software as well as adopting cyber insurance,” said Akhtar.