Employees 'reckless' when it comes to cyber security
Employees exhibit ‘reckless behaviour’ when it comes to cyber security, a new report demonstrates. Many individuals demonstrated multiple behaviours that would compromise their cyber security, illustrating that despite awareness of security hygiene, failures to follow best practice are a frequent occurrence.
The report, published by a non-profit computing trade association CompTIA, surveyed 1,200 full-time US employees on their technology use, security awareness and habits.
Despite a notorious lack of security on public WiFi, 88.6 per cent of respondents would still connect their laptops to public WiFi and 70.7 per cent would connect their phones. Nearly 80 per cent would check their work emails using public WiFi and 60 per cent would use it to access work documents.
Millennials were the age group most likely to use public WiFi, although those aged between 25 and 39 were only four per cent less likely to connect their devices to the service.
Millennials were also the age group most likely to put their security at risk using USB devices, with 40 per cent willing to hypothetically pick up a USB device found in public, while only 22 per cent of baby boomers and generation X would do the same.
But USB sticks were found to be a cause for concern across all generations of workers: 58 per cent said they relied on USB-based storage drives to transfer files across devices, and 35 per cent had borrowed someone else’s USB stick to copy or transfer a file.
Passwords and authentication measures were also likely to seriously compromise security. 36 per cent said they used their work email address for personal accounts, while 38 per cent used work passwords for personal accounts.
68 per cent lacked any understanding of how two-factor authentication worked, with 41 per cent saying that they had never heard of the concept at all.
Only 48 per cent willingly applied two-factor authentication to their accounts. This could seriously compromise security, as 49 per cent of all respondents said they had more than ten accounts but only 35 per cent had individual logins for all accounts.
Employees were more likely to change their work passwords on a regular basis than their personal ones, although most would only change their passwords sporadically if at all.
Most respondents did use anti-virus software, and in the event of a virus or an attack on their devices the first instincts of most respondents was to change their passwords.
45 per cent of employees said they received no cyber security training whatsoever from their organisations, and of those that did, almost half were expected to glean an understanding of security practices from paper-based manuals and online modules rather than personal interaction.