With 80% of people saying cybersecurity is a priority, the disparity between what they believe is important and their ability to protect themselves puts organizations at risk.
Whether you realize it or not, it’s critically important that your users know how to secure themselves outside the office environment. Good security practices in their personal life equate to good security practices in the workplace. But according to the first-ever U.K. Cyber Survey from the U.K. government’s National Cyber Security Centre (NCSC), it appears that, while trying to do their best, individuals simply aren’t trained and are therefore not prepared for cyber attacks.
Nearly half (46%) state that most information about how to be secure online is confusing. And 70% believe they will likely be a victim of at least one specific type of cyber crime over the next two years.
One of the more interesting findings is that only 21% use some form of password manager (which reasonably implies that the individual has separate passwords for each website, application, etc. they use). This means the remaining 79% have less than best-practice levels of password management.
At the same time as this report, the NCSC also posted an article about the most hacked passwords based on the Have I Been Pwned data set. With insecure passwords like “123456” being found over 23 million times in the collected data, it’s reasonable to conclude that the majority of individuals are not security-conscious when online.
This puts the organization at risk, as these same users are visiting the web from corporate endpoints for personal use. Unsafe web browsing and email practices mean a higher likelihood of becoming a victim of a phishing scam and social engineering.
Organizations need to educate users with Security Awareness Training on the need for good password hygiene, complex and unique passwords, and how to protect themselves online. By doing so in the context of business, users will adopt this same mindset for personal use.