UK workers don’t realise hacking is a criminal offence

06 December 2019

The survey of 2,000 fulltime UK workers in professional services also found that one in 20 workers said they have logged into their friend’s Facebook account without permission

The survey of 2,000 fulltime UK workers in professional services also found that one in 20 workers said they have logged into their friend’s Facebook account without permission

Almost two thirds (63%) do not realise that unauthorised access to an email account without the owner’s permission is a criminal offence, according to a new study from a cyber security company.

The survey of 2,000 fulltime UK workers in professional services, conducted by Centrify via independent survey company Censuswide, also found that one in 20 workers said they have logged into their friend’s Facebook account without permission.

A further one in 25 admitted to having hacked-in to a colleague’s email account without permission.

These findings come just a few months prior to the 30-year anniversary of the Computer Misuse Act – a piece of legislation that deals with the crime of accessing or modifying data stored on a computer without authorisation to do so.

Currently, the lowest-level of penalty for a person found guilty of gaining access to a computer without permission is up to two-years in prison and a £5,000 fine.

In addition, 69% per cent of those surveyed revealed that they do not have confidence in their security processes when it comes to protecting their data.

As a result, almost two-thirds (63%) of workers refused to change their passwords when prompted to by an app or their company.

Elsewhere, 27% said they used the same password for multiple accounts, putting both their personal life and their professional security at risk.

The survey further revealed that 14% do not use multi-factor authentication for apps or services unless forced to do so, while 14% keep their passwords in a notebook or on their desk – putting their companies’ data at risk of hackers or even colleagues with malicious intent.

“Cyberattacks can have a devastating impact on a company or individual and it is important that workers understand how seriously instances of unauthorised access to someone else’s computer will be taken,” said Andy Heather, vice president at Centrify.

“The Computer Misuse Act does not discriminate between hackers with malicious intent and employees who do not know the law. Would the one in every 20 employees who have admitted to hacking done so if they realised the risks that are presented to their company, and the actions which could be taken against them were they caught?”

Heather added that “at the same time”, workers must ensure that they take the necessary precautions in ensuring that their own passwords cannot be guessed, stolen or obtained by any of their peers, and organisations must adopt a zero-trust approach “to further reduce the risk of malicious parties taking advantage”.

Last year, Conservative MP Kemi Badenoch admitted in an interview that she hacked Labour rival Harriet Harman’s website in 2008, apparently unaware of the seriousness of breaching the Computer Misuse Act.