While organisations continue to invest in advanced cybersecurity tools, many breaches still begin with something far more ordinary: everyday employee behaviour.
From password reuse to unsecured remote working, small digital habits can scale into major organisational risk. With data breaches costing UK businesses millions of pounds each year, cybersecurity is no longer just an IT responsibility โ it is increasingly a culture, training and governance issue for HR teams.
Cybersecurity experts at FLR Spectron have identified five common workplace behaviours that could be putting organisations at risk.
1. Password reuse across work and personal accounts
Reusing passwords across platforms significantly increases risk. If a personal account is compromised, attackers often attempt to use the same credentials to access corporate systems, potentially leading to large-scale data exposure.
2. Using public Wi-Fi for work tasks
Hybrid and remote working have increased reliance on public networks. However, unsecured Wi-Fi can expose login credentials and sensitive information through โman-in-the-middleโ attacks, where criminals intercept data between devices and networks.
3. Clicking QR codes or unverified links
Phishing remains one of the most common attack methods, with QR phishing (โquishingโ) on the rise. Fraudulent links and QR codes can direct employees to malicious websites designed to steal credentials.
4. Storing passwords in browsers or notes apps
Saving login credentials in unsecured notes apps or relying heavily on auto-fill features can create vulnerabilities if a device is compromised or stolen.
5. Forwarding work emails to personal accounts
Using personal email accounts for business tasks bypasses corporate security protections and can expose organisations to regulatory and legal risk, particularly when sensitive data is involved.
How HR Can Strengthen Cybersecurity Culture
As the custodians of organisational culture and training, HR teams have a critical role to play in reducing behavioural cyber risk.
Embed secure password practices
Encourage employees to create unique, complex passwords for work accounts and support the use of secure password management tools.
Support safer remote working
Provide guidance on avoiding public Wi-Fi where possible and promote the use of secure alternatives such as mobile hotspots or VPNs.
Deliver ongoing phishing awareness training
Create a culture where employees feel confident reporting suspicious emails without fear of blame. Simulated phishing exercises can help reinforce awareness.
Review policies around personal device and email use
Clear, practical policies โ combined with accessible corporate systems โ reduce the likelihood of employees turning to insecure workarounds.
Make cybersecurity part of onboarding and continuous learning
Embedding cyber awareness into onboarding, performance conversations and leadership messaging helps reinforce that cybersecurity is a shared responsibility.
Protecting Organisations from Within
Kamran Bahdur, Chief Information Officer at FLR Spectron, explains:
โMost cyber breaches donโt start with elite hackers โ they start with everyday habits. Reused passwords, unsafe remote working, and momentary lapses in judgement remain some of the biggest risks facing UK organisations.
Cybersecurity today is as much about shaping secure behaviours as it is deploying the right technology. HR leaders have a pivotal role in building a culture where secure working practices become second nature.โ
As hybrid work continues to evolve, organisations that address human risk alongside technical controls will be better positioned to prevent avoidable breaches, and protect both their data and their people.
