We've blogged about other recent studies of security. They're in substantial agreement. Here's one from Gemalto, and it reports that more than 4.5 billion digital records, each with an estimated average value of $148, were compromised in data breaches during the first half of 2018. The breaches have a staggering financial and operational impact.
The survey of 400 full-time U.S. employees found a general understanding of security risk, but risky online behaviors. The survey concluded:
- Workers understand cyber basics. 80% would not share passwords via email or text and most had passwords that included letters, numbers and symbols.
- Employees shop on the clock. 52% of employees and 62% of those with administrative access admit shopping on-line from their work computer. Only 30% percent were able to identify secure e-commerce sites. Shopping on-line need not risky, but employees using work machines without due caution leave an organization vulnerable to compromise.
- Kindness takes priority over security. Nearly 50% admitted they would allow a fellow employee to use their work machine. Only 35% of employees with administrative access would refuse to let a colleague use their device.
- People continue to swallow phishbait. Only 36% of employees polled were able to identify suspicious links as an indicator of a phishing email.
The current baseline understanding of on-line security needs ramping up through training at all levels. A whole-of-organization approach is called for, and tailored interactive training can help build a culture in which each employee recognizes their responsibility to stay safe and secure online.
SC Media has the story: https://www.scmagazine.com/home/security-news/pinpointing-risky-employee-behaviors-enables-it-leaders-to-reduce-risk/