A new survey has found that two out of every five employees in Ireland have experienced phishing, hacking, cyber fraud or other cyber attacks.

The research, carried out by Amarach on behalf of Microsoft, also revealed employees can often be the weak link, with a fifth admitting they write down their passwords.

Some 44% say they recycle the same password across multiple applications and just 16% of employees have updated their passwords in the last 12 months.

The poll also found that a third have plugged a non-work USB drive or data storage device into their work machine, posing a possible intellectual property loss or theft risk.

According to Microsoft, 81% of major data breaches last year arose from this practice, underlining the dangers.

A further risk is posed by employees working from home using their home device for work purposes, with half of those questioned acknowledging they prefer to do this rather than use their work device.

As a result, a quarter of respondents say they have accidentally shared work-related material with friends and family.

The survey also found that not only is there a risk around use of home devices, but that one in three of those surveyed say they use personal email for work-related storage or for storing customer data.

But despite the dangers posed by such practices, almost half of all public and private sector employees surveyed said they have received no security training in the last year.

The survey was conducted among 700 employees working in Irish businesses that have over 100 staff.

The results also show that many people have been the victim of a data breach with just under a third of employees surveyed notified that their personal data has been compromised.
"Organisations must now ensure they are taking a considered approach to data security, and embrace new procedures and technologies, coupled with consistent training, enforced policies, along with better device upgrades to enable employees to deliver the productivity needed for successful transformation with a minimum of risk to the organisation," said Des Ryan, Microsoft Ireland Solutions Director.
Microsoft says there is a wide range of steps that people can take to ensure their organisation's data remains secure, including keeping employees properly trained, guarding against phishing and increasing security around passwords, including considering the introduction of biometrics.

It also points to the importance of keeping software up to date and putting technology in place to backup data in the cloud.