Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • 24% of employees use free Wi-Fi hotspots to access work-related emails and documents. -T-Systems, 2017
  • 28% of employees email work documents to and from their personal email. -T-Systems, 2017

Poor employee cyber hygiene may put companies at heightened risk for attack over the holiday break, according to a new report from T-Systems.

T-Systems, the corporate IT and cybersecurity arm of Europe’s largest telecom company, Deutsche Telekom, warns companies that security risks abound when companies allow employees to work over Christmas.

Of the 2,000 UK employees surveyed, 24% said they use free Wi-Fi hotspots to access work-related emails and documents while out of the office, the report found–a major risk, as these insecure portals are easy for hackers to clone. Further, 10% of employees said they use free USB charging points at airports and stations, which can be used to transfer viruses and malware to unsuspecting victims. And 28% of employees said they email work documents to and from their personal email account, creating more security issues.

SEE: Remote access policy template (Tech Pro Research)

“Our research shows a third of employees use free Wi-Fi at locations such as those at airports, hotels, coffee shops and bars, despite these being insecure and open to communication interception by cyber criminals,” Scott Cairns, the UK head of cybersecurity at T-Systems, said in a press release. “Couple this with the widespread practice of employees emailing documents to their private email on their own devices, where security is invariably lower, and you open your organisation to potential attacks.”

Some 18% of employees said they connect their digital camera to their work computer to download photos, and 15% said they connect USB drives and memory cards that they share with family members to their work computer–putting them at more risk for viruses.

Making this problem worse is a lack of cybersecurity education, according to the report: 28% of employees said they have never in their working career had any cybersecurity training to protect themselves and their employer against threats.

“Training your employees regularly on effective cyber-security practice is probably the single-most effective step organisations can undertake to dramatically reduce their risks of viruses, malware and other common forms of cyber-crime,” Cairns said. “Our research shows many employees are not knowledgeable on the multitude of ways their devices can be infected with viruses and malware… and those who thought they were ‘very knowledgeable’ frequently gave the wrong answer when questioned!”

While employees may pose the largest security risk to companies, they are also the key to strengthening security overall, as noted by TechRepublic’s sister site ZDNet. For more tips on how to keep your employees cybersecure, click here.