Support the Human Firewall by Identifying the Riskiest Users and Their Most Dangerous Online Behaviors Blog


To gain a better understanding of risky behaviors that employees engage in while working remotely or in hybrid environments, SecurityAdvisor analyzed over 500,000 malicious emails and 500,000+ dangerous website visits made by enterprise employees across 20 different countries. Top Riskiest Behaviors and Employees in a Hybrid Workplace is a new report that reveals the most dangerous users in a typical organization


While the flexibility of hybrid work is a boon to busy workers, security leaders face a challenging new work environment. As remote and hybrid work become permanent fixtures for organizations, businesses increase their human attack surface. Employees have always engaged in risky behaviors, but with the rise of hybrid work, employees now use personal and work devices interchangeably. As a result, their actions may have a hazardous effect on the security of the company. Without a physical office and an on-premises network, remote employees are more vulnerable to cyberattacks.

SecurityAdvisor discovered that women are far safer than men, with 76% of male employees engaging in risky online behaviors compared to only 26% of their female counterparts. Kellie A. McElhaney, Distinguished Teaching Fellow and Founding Director of the Center for Equity, Gender, and Inclusion (EGAL) at UC Berkeley's Haas School of Business, provided some insight into the reasons behind the differences between men and women. Prof. McElhaney explained that men view risk as a game and are taught from a young age to win at all costs. When threatened with a loss or negative outcome, they will do whatever possible to avoid it. Adverse consequences are only levied upon the risk taker.

The same is not true for women or members of non-dominant social groups in the workplace. According to studies, women are more aware of the long-term ramifications of risky behaviors since they are aware their actions may have an adverse effect on other members within the group.

Additional highlights from the report include:

  • Senior-level employees, including members of the C-suite, are targeted 50 times more frequently by phishers than the average employee, making them riskier and more vulnerable to attacks.
  • The top 5 most common riskiest behaviors are:

Failing logins/forgetting passwords


Clicking on phishing emails


Installing adware


Using P2P software and private VPNs


Streaming pirated content

While the actions could be thwarted with simple daily reminders, many organizations still apply a one-size-fits-all approach to security awareness coaching. As data breaches, phishing attacks, and ransomware incidents flood news headlines, it’s evident the current cybersecurity ‘best practices’ are not working.

Personalized security awareness coaching has been quantifiably proven to make positive changes in behavior. Personalized microlessons facilitate positive individual behavior that ultimately helps organizations to strengthen their human firewalls. Interested in learning more about how to identify and positively change risky employee behavior? Click here to download the full report.

Learn how SecurityAdvisor can help your team

Schedule some time to talk with one of our experts and they will show you how we can help your organization.

Get a demo Today