Half of younger UAE employees admit opening suspicious emails: study

Half of the employees in the 16-24 age group in the UAE admitted to opening emails even though they looked suspicious, a new study by cybersecurity firm Mimecast says.

This group, despite its tech-savvy cred, is also guiltier of blurring the lines between their business and personal usage of these devices, the report adds. Everyone in the 16-24 age group (100 per cent) reported using their issued devices for personal use, while only 50 per cent of the older – 45 to 54- group admitted the same.

The State of Email Security 2020 report found that in the UAE, 87 per cent of respondents extensively use their company-issued device for personal matters, with two-thirds (66 per cent) admitting to an increase in frequency since starting to work remote.

The most common activities were checking personal email (57 per cent), carrying out financial transactions (59 per cent) and video calls with friends and family (50 per cent). Personal email and browsing the web/shopping online were already two areas of major concern for IT professionals.

In the Middle East, 66 per cent of respondents said there was a risk to checking personal email as the cause of a serious security mistake, and 65 per cent thought surfing the web or online shopping could likely cause an incident.

Read: A quarter of firms in MEA face dire cybersecurity skills gap

Encouragingly, all of the respondents in the UAE (100 per cent) claim to be aware that links in email, on social media sites and websites can potentially infect their devices. Eighty-one percent have even received special cybersecurity awareness training related to working from home during the pandemic. However, this doesn’t always translate into putting this knowledge into practice.

The research highlights themes of a strong disconnect in certain countries, including the UAE. Despite the majority of respondents stating that they’ve had special awareness training, 61 per cent still opened emails they considered to be suspicious. Meanwhile, 50 per cent of the respondents admitted to not reporting suspicious emails to their IT or security teams.

“This research shows that while there is a lot of awareness training offered, most of the training content and frequency is completely ineffective at winning the hearts and minds of employees to reduce today’s cybersecurity risks,” said Josh Douglas, vice president of threat intelligence.

“Awareness training can’t be just another check-the-box activity if you want a security-conscious organisation.”