MediaPro, a security training vendor, found in a new a survey that 88 percent of employees lack the awareness to stop preventable cyberincidents. What’s more, 16 percent of respondents scored low enough to warrant a “Risk” profile by exhibiting behaviors that put their organizations at serious risk for a privacy or security incident.
In a press release, the company, which surveyed more than 1,000 employees across the U.S. to quantify the current state of privacy and security awareness, said it found 72 percent of respondents were given a “Novice” profile, meaning they understand the basics but are dangerously close to one wrong decision or mistake leading to a security or privacy incident. What’s more, only 12 percent of respondents were given a “Hero” profile, indicating a strong knowledge of security and privacy best practices, and are likely well-prepared to deal with many cyberthreats.
“This survey clearly shows the human threat vector is still largely unsecured, and most organizations don’t really know whether their employees have the necessary level of data protection awareness to avoid preventable incidents,” said Steve Conrad, MediaPro’s founder and managing director, in the press release. “We invite more organizations and their employees to take this free survey to give them a clearer picture of their human-based risk areas.”
Other notable findings from the report include the fact that close to 40 percent of respondents chose to discard a potential password hint in an unsecure manner rather than disposing of it by secure means. Of the survey respondents, 25 percent failed to recognize a sample phishing email with a questionable “From” address and attachment, and more than 26 percent of respondents thought it was acceptable to use a personal USB drive to transfer work documents when working remotely.
“The risk landscape for employees is constantly changing, and this survey illustrates that employees are having trouble keeping up,” said Tom Pendergast, MediaPro’s chief strategist for security, privacy and compliance, also in the press release. “The clear solution is the implementation of an adaptive awareness program that is flexible enough to adjust not only to today’s threats but the threats of tomorrow. Without an adaptive program, you’re going to have a hard time surviving, let alone thriving, in today’s tumultuous data protection landscape.”