A further 45% have caught employees using gaming and gambling websites, and 35% noticed high use of video-sharing sites, leaving the employer open to phishing scams.
Risky Online Behaviour, which surveyed more than 600 IT-based decision-makers, showed that there was a disparity between employees' internet access and company security policies. Nearly a third (29%) of businesses neglected to monitor their employees' use of high-risk websites.
Companies fail to provide preventative measures for their employees in a number of areas, according to the survey. More than a third (36%) didn’t invest in security education for their employees, and 62% don’t conduct phishing assessments. Three-quarters (75%) do not use cloud-access security brokers, which track employees’ internet activity.
Susie Al-Qassab, a senior associate at Howard Kennedy, said: “I think a lot of employers would be surprised to hear these figures. A lot of companies are becoming increasingly involved and aware of employees' use of the internet at work.”
Al-Qassab added that HR and IT must work together to implement an online policy. “The majority of cyber attacks and access of illicit material isn’t malicious, it’s human error,” she told HR magazine. “That’s why it’s important to have a coherent IT usage policy that lets employees know how to spot signs of something not looking right online.
“There must be close cooperation between HR and IT departments,” she added. “A lot of the time people might read something telling them not to open emails from an unknown sender, for example, or click on suspicious websites, but it can be difficult to remember those things in practice.”
Alvaro Hoyos, chief information security officer at OneLogin, said accessing IT services remotely adds to the risk of security breaches. “With an influx of employees now choosing to work remotely from personal devices, many remain unaware of security threats and often access the internet forgetting they’re still connected to the corporate network,” he said.
“Emphasis must be placed on IT and security training for employees to understand the need to avoid high-risk websites to preserve corporate integrity.”
The research was carried out by Arlington Research on behalf of OneLogin, and was based on 605 interviews with experienced UK non-managers and above who work in their company’s IT department.
It comes in the wake of a recent Financial Times investigation that found social media and technology are fuelling sexual harassment at work, including the use of Facebook to uncover personal details and Outlook calendars to track a colleague’s movements.