End-users failing to protect themselves online

The UK’s new army of remote workers are failing to take the necessary precautions to protect their online identity, prioritising convenience and speed of access to online services over their personal security, risking repercussions for their employers.

This is the headline finding of a research study of 4,000 people in the UK and US, which was conducted by pollsters at YouGov on behalf of Callsign, an identity and authorisation specialist. It found worrying levels of overconfidence in the security of people’s credentials – 77% believed their banking passwords were secure, 74% said the same about their online shopping accounts, and 71% about their work network logins.

Ahead of World Password Day on 7 May, Callsign said this went some way to explaining why 52% of online shoppers said that they had no plans to update their passwords, a figure that rises to 54% of remote workers and 55% of online banking customers. However, in what may be a relief to CISOs, the study also found that people were a little more likely to update their work network logons – probably because of IT systems taking the time to remind them to do so every so often.

Amir Nooriala, chief commercial officer at Callsign, said some of the responsibility for addressing this problem must rest with banks, employers and retailers.

“With fraud escalating at a staggering rate, businesses cannot afford to sit back and watch,” he said. “Consumers have enough to worry about regarding the pandemic – their security shouldn’t be one of them. As more and more people shift their lives online, businesses need to take responsibility while encouraging customers and employees to prioritise personal security – without adding in extra cumbersome identity checks.

“Companies must use technology that allow consumers to log in without having to deal with pesky one-time passwords via text messages or long forgotten security questions which could result in them switching provider. With businesses on the brink, they cannot afford to lose customers that way. Instead, they need to make identification and authentication as safe and easy as possible.”

Six weeks after the UK government imposed a national lockdown, the research also highlighted that nearly two-thirds of remote workers were struggling with access to business networks and systems, and a slightly smaller number of online shoppers, resulting in lost man-hours for employers, and time wasted calling retailer customer service teams to resolve issues.

Related to this, Callsign’s study also identified little patience among consumers for poor online user experiences. Within the past month, one-fifth said they had switched well-used brands for reasons such as complex log-in processes. Consumers also tended to be indifferent to risk – when asked if the pandemic and associated increases in fraud influenced them to use banks or shops with more secure measures, 78% of Americans and 85% of Brits said “no” or “I don’t know”.

The survey also found that one in five UK consumers would overlook online security concerns linked to the use of third-party online merchants if they were buying goods perceived to be in short supply, such as flour or toilet paper.