Staffers are more likely to be victimized online than in person, according to a new study by Cornell University and University of Maryland.
The findings highlight the importance of protecting the anonymity of workers and the ability to access sensitive information.
“We know that a lot of our work and our livelihoods are dependent on the ability of our colleagues to be anonymous, and it’s important to make sure that they can do so safely and securely,” said Maryann M. Dutcher, director of Cornell’s Center for Cybersecurity and Information Security.
“This study is important for many reasons, and the most important is that it gives us a baseline of how well we are protecting the privacy and security of our workforce.”
The study, titled “The Internet Is Not the Place to Protect Yourself from Online Fraud,” is based on data from a survey of nearly 2,000 employees in the United States and Canada.
The researchers surveyed nearly 2.5 million workers to better understand the challenges and opportunities for cyber-thieves in the workplace, including the types of scams and fraudulent activity that are commonly employed.
The survey found that:• About one in three workers are exposed to a malicious website, which has the potential to steal or otherwise misuse personal information.• About 1 in 4 workers had seen a website containing fraudulent content.• Some of the most common types of fraudulent activities involve identity theft and identity fraud.• Nearly one in five workers had been victimized by identity theft, and one in six workers had encountered fraud through fraudulent payments, e-commerce, or online banking.• More than one in 10 workers have experienced at least one type of identity theft in their career.• Only one in four workers had experienced at most two types of identity fraud, and about one in seven workers had suffered at least three types of fraud.
The study found that employees who are exposed online are more at risk of being victimized in a variety of ways.
The survey found:• Workers who have been exposed to malicious websites are more than twice as likely to report experiencing identity theft.• Employees who have encountered fraudulent content are more susceptible to fraud.
This includes people who have seen content that contains malware or malicious software.• People who have faced fraud are more vulnerable to identity theft when they are not using passwords that are well-protected, or when they do not use strong passwords.
The investigators also found that many employees had experienced identity theft or fraud through other means, including through e-mail, social networking sites, or other forms of online payment.
While cyber-crime has a significant impact on our economy and on the safety of the nation, cyber-bullying has become a growing problem in the work place.
“Cyber-bullies target young, female, and underrepresented minorities in our workplaces, and cyber-attacks are often carried out through email, online chat, and social media,” Duther said.
“Employers must take steps to identify, monitor, and address cyber-threats and cyberbullying in order to protect their employees and the entire workforce.
It’s critical that we make cyber-safety a top priority for our companies and our workers.”
The researchers also found a lack of cybersecurity awareness among employers and workers, leading to the development of new ways to help protect the privacy of their employees.
“When we look at the data, we see that a number of employers are unaware of the law in their jurisdiction and have a poor understanding of the digital environment,” said Dutchers research assistant, Kelly McConaghy.
“It’s important that employers know the risks of online identity theft online and how to protect themselves from fraud.
Employers also need to develop policies that provide for protection against identity theft.”
According to the report, only about half of workers are aware of the Federal Information Privacy Act and how it protects their privacy.
Many employers are reluctant to take action on cybersecurity issues, including making employees sign up for cyber protection plans or training.
The authors say the most effective way to protect the anonymity and security for workers is to implement policies that give employees the opportunity to opt out of using their employer’s online password.