Lack of Cybersecurity for USB Keys Impacts Organizations
CompTIA-commissioned survey
This is a Press Release edited by StorageNewsletter.com on November 3, 2015 at 3:14 pm

Nearly one in five people who found a random USB stick in a public setting proceeded to use the drive in ways that posed cybersecurity risks to their personal devices and information and, potentially, that of their employer, a recent experiment conducted on behalf of Computing Technology Industry Association (CompTIA, Inc.), the IT industry association, revealed.
With the cybersecurity threat landscape facing companies growing increasingly complex, employees who practice unsafe cybersecurity habits put both themselves and their employer at risk.
“We can’t expect employees to act securely without providing them with the knowledge and resources to do so,” said Todd Thibodeaux, president and CEO, CompTIA. “Employees are the first line of defense, so it’s imperative that organizations make it a priority to train all employees on cybersecurity best practices.”
Yet according to a CompTIA-commissioned survey of 1,200 full-time workers across the U.S., 45% say they do not receive any form of cybersecurity training at work. Among companies that do administer cybersecurity training, 15% still rely on paper-based training manuals.
The survey and corresponding whitepaper, Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace, examine technology use, security habits and level of cybersecurity awareness of workers.
Along with the survey, CompTIA commissioned a social experiment to observe first-hand cybersecurity habits.
In the experiment, 200 unbranded USB flash drives were left in high-traffic, public locations in Chicago, Cleveland, San Francisco and Washington, D.C. In about one in five instances, the flash drives were picked up and plugged into a device. Users then proceeded to engage in several potentially risky behaviors: opening text files, clicking on unfamiliar web links or sending messages to a listed email address.
“These actions may seem innocuous, but each has the potential to open the door to the very real threat of becoming the victim of a hacker or a cybercriminal,” Thibodeaux noted.
Contributing to the potential cyber threat, the survey found 94% of full-time employees regularly connect their laptop or mobile devices to public Wi-Fi networks; and of those, 69% handle work-related data while doing so.
Employees also practice poor password protection, as 38% of employees have repurposed work passwords for personal purposes.
Further, 36% of employees use their work email address for personal accounts, while 38% use work passwords for personal accounts. This generates more points of exposure for organizations, and can be difficult to address without better training to spur behavioral changes.
Additional highlights from the survey include:
- 63% of employees use their work mobile device for personal activities.
- 27% of Millennials have had their personally identifiable information hacked within the past two years compared to 19% of all employees.
- 41% of employees do not know what two-factor authentication is.
- 37% of employees only change their work passwords annually or sporadically.
Age also factors into cybersecurity awareness; Baby Boomers, Gen X and Millennials each present unique security challenges and risks to organizations. 42% of Millennials have had a work device infected with a virus in the past two years, compared to 32% for all employees. 40% of Millennials are likely to pick up a USB stick found in public, compared to 22% of Gen X and 9% of Baby Boomers.
“With the wave of new workers coming in, organizations need to take extra precautions and make sure they have effective training in place,” said Kelly Ricker, SVP, events and education, CompTIA. “Companies cannot treat cybersecurity training as a one-and-done activity. It needs to be an ongoing initiative that stretches to all employees across the organization.”