MediaPro conducted a survey checking employees` knowledge of data privacy and cybersecurity and the results showed that 88% of them are not prepared if it comes to a cyber-attack.
In the survey, 1,000 American employees were tested of their privacy and security awareness. The survey revealed their knowledge trends across eight risk domains, ranging from working remotely to properly identifying phishing attempts. Based on the results, each employee was assigned to one of three risk profiles, which indicate their security and privacy awareness IQ.
The profiles are Risk, Novice, and Hero. Depending on the number of proper behaviors correctly identified, an employee is assigned to one of them. The more correct behaviors an employee can identify, the less of a privacy or security risk they represent.
Below are some key findings from the research:
• 16% of the employees were assigned to the Risk profile as their behaviors clearly indicated that they represent a serious risk for their companies` privacy and security.
• 72% scored good enough to be put in the Novice profile, which means they are aware of the basics. However, they were very close to a single wrong decision, which puts the organization in a huge risk of a security or privacy incident.
• Only 12% of the respondents were assigned to the Hero profile based on their behaviors, which indicated they are completely aware of the security and privacy best practices hence they are don’t represent a risk to their firms.
• 40% if the employees discarded a potential password hint in an insecure manner instead of disposing of it by secure means.
• 25% were not able to distinguish a sample phishing attack with suspicious sender and attachment.
• 26% of the respondents didn’t find anything wrong with the usage of a personal USB drive for transferring work-related documents.
“The risk landscape for employees is constantly changing, and this survey illustrates that employees are having trouble keeping up.” – said Tom Pendergast, MediaPro’s chief strategist, for security, privacy, and compliance – “The clear solution is the implementation of an adaptive awareness program that is flexible enough to adjust not only to today’s threats, but the threats of tomorrow. Without an adaptive program, you’re going to have a hard time surviving, let alone thriving, in today’s tumultuous data protection landscape.”
– Image Source: helpnetsecurity.com