Employees are Cyber Secure in Theory, But Not in Practice [Infographic]
— February 4, 2019
Across the world, cybersecurity has moved from the shadows to center stage, due to increasing malware attacks and the soaring cost of resultant damages [predicted to rise to $6 trillion annually by 2021].
It’s no surprise, therefore, that Forbes predicts that cybersecurity is a top business priority in 2019 across organizations: “In 2019, cybersecurity concerns will be a major topic in the boardroom and executive offices of every significant enterprise.”
Apart from technology that helps secure the organization from cybercrime, attention is being drawn to the crucial human element in keeping the organization safe. Verizon’s 2018 Data Breach Report puts human error as the cause of one in five breaches. According to Wombat Security’s State of the Phish, 83% of businesses reported being a victim of a phishing attack in 2018. An employee can be an organization’s weakest link or its strongest defense against cybercrime.
To better understand U.S. employees’ cyber threat preparedness, Spanning conducted a survey of over 400 workers on their awareness of and tendency towards risky online behavior. Here is a summary of the results with our advice to fill in the security gaps.
Security Gap #1: Politeness Gets the Better of Security
When respondents were presented with a scenario in which a colleague was having trouble logging in to a business application and had a deadline for submitting their work, almost half of all respondents said they would let the colleague use their computer to log in. Amongst those with administrative access, only 35 percent responded that they would refuse to allow a colleague to access their device.
Mind the Gap: Emphasize “Security Above All” to employees, particularly to executives. Advise them not to give out personal information on social media, a fertile hunting ground for spear-phishing.
Security Gap #2: Employees Surf at Work, But Can’t Spot an Unsecure Site
More than half (52%) of the employees polled admitted to shopping online from their work computer. What is worrisome, though, is that just under half (49%) were able to correctly identify a broken padlock as being the key indicator of an unsafe site.
Mind the Gap: Train employees thoroughly to ensure that all sites they visit are secure: check for HTTPS, verify the trust seal padlock, and avoid clicking on pop-ups and advertisements.
Security Gap #3: Anyone Can be Phished
Phishing is getting more sophisticated by the day, with personalized emails, known sender names and pertinent messages. When presented with a visual example, only 36 percent of all survey respondents correctly identified a suspicious link as being the key indicator of a phishing email.
Mind the Gap: Regularly train employees on pointers for identifying phishing emails, including checking the sender’s email address and the URL (rather than going by the name alone) and questioning the email’s tone. When in doubt, DON’T click!
Security Gap #4: We’re Human After All!
Nearly 7 in 10 respondents admitted to accidentally deleting files. 55 percent of employees admitted to clicking on links they didn’t recognize, and nearly half have downloaded a web extension to their work device. Furthermore, 20 percent of workers reported that they share passwords over text or email.
Mind the Gap: Data loss due to human error is a likely risk. While security awareness and training can go a long way in preventing an erroneous click, your data needs a more secure safety net. A reliable backup and restore solution backs up your valuable data unobtrusively and accurately, so in the event that malware or human error strikes, you can quickly restore your data just like it was before. That makes recovery easy and fast, without impacting your data, business or customers.
It Only Takes One
The results of this survey are instructive to IT leaders at organizations of all sizes. It only takes one…one employee, one email, one ransomware attack. The results show that even though employees know the basic risks associated with strange-looking emails and web pages, they lack a deeper understanding of how their online behaviors put business data at risk. Especially for organizations in highly targeted industries, such as government and healthcare, leadership teams must have measures in place to quickly restore data and not rely on employees to keep hackers out.