Jessica O'ConnorEveryday employee behaviour is becoming a growing cybersecurity risk for organisations, with HR teams playing an increasingly important role in prevention, according to experts at FLR Spectron.
Despite continued investment in advanced security tools, many data breaches still originate from routine workplace habits such as password reuse and insecure remote working.
With cyber incidents costing UK businesses millions each year, the issue is increasingly being viewed as a culture and training challenge rather than solely an IT concern.
FLR Spectron identified five common behaviours that can expose organisations to risk.
These include reusing passwords across work and personal accounts, which can allow attackers to gain access to corporate systems if personal credentials are compromised.
The use of public Wi-Fi for work tasks also remains a concern, particularly in hybrid working environments, where unsecured networks can expose sensitive information to interception.
Other risks highlighted include clicking on unverified links or QR codes, known as “quishing”, storing passwords in unsecured apps or browser autofill systems, and forwarding work emails to personal accounts, which can bypass organisational security controls.
The company said these behaviours can create vulnerabilities that may lead to data breaches, regulatory issues and reputational damage.
As a result, HR teams are being encouraged to take a more active role in strengthening cybersecurity culture.
This includes embedding secure password practices, supporting safer remote working, and delivering ongoing phishing awareness training.
Organisations are also advised to review policies around personal device and email use, and to integrate cybersecurity awareness into onboarding and continuous learning programmes.
Kamran Bahdur, chief information officer at FLR Spectron, said: “Most cyber breaches don’t start with elite hackers – they start with everyday habits. Reused passwords, unsafe remote working, and momentary lapses in judgement remain some of the biggest risks facing UK organisations.
“Cybersecurity today is as much about shaping secure behaviours as it is deploying the right technology. HR leaders have a pivotal role in building a culture where secure working practices become second nature.”
