How Employees Put Their Company at Risk
- 1 of
-
How Employees Put Their Company at Risk
Many employees receive no cyber-security training, so they aren't familiar with the dangers of malware, nor do they know protective measures they should take. -
Untrained
45% of the U.S. employees surveyed receive no cyber-security training from their employer. -
Missing Connection
36% associate cyber-security with identity theft, while 18% associate the term with hacker. Only 8% think of malware when they think of cyber-security. -
Fuzzy Concept
41% of the survey respondents are not familiar with the concept of two-factor authentication. -
Work and Play
63% use their work-provided mobile device for personal activities, such as shopping, banking and social media interacting. -
Ubiquitous Access
94% of the employees surveyed connect their laptop and mobile device to public WiFi networks, and 69% of them deal with work-related data while on those networks. -
Unsecured Stick
58% rely on potentially risky USB-based storage drives to transfer files among devices, and 35% have borrowed someone else's USB stick to do that. -
Unprotected Practice
22% of respondents said they would pick up a stick they found in public, and 84% of those individuals would plug that USB drive into their own devices. -
Identity Issues, Part I
49% said they have at least 10 log-ins, and 34% have at least 10 unique log-ins. -
Identity Issues, Part II
36% use their work email addresses for personal accounts, and 38% use work passwords for personal accounts. -
Lax Approach
37% of the employees surveyed refresh their work passwords only on an annual or sporadic basis. -
How Employees Respond to a Virus or Hack
Change all device/account log-in credentials: 35%, Contact IT: 33%, Change log-in credential for affected device/account: 20%
Despite the abundance of publicity over organizations that have been hacked—Target, the U.S. Office of Personnel Management and Ashley Madison, to name just a few—workers still take part in risky device usage that could potentially expose their company to a variety of threats, according to a recent survey from CompTIA. The survey report, "Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace," reveals that a surprisingly large percentage of employees receive no cyber-security training on the job. As a result, they aren't as familiar with the dangers of malware as they should be, nor are many of them aware of proven protective measures such as two-factor authentication. Meanwhile, many employees consider their work and personal devices as one and the same—often calling up work-related data while connecting through vulnerable public WiFi networks. "The ecosystem of consumer technology is swelling, and the lines that once delineated device use are fading," the report states. "Employees use a variety of personal and corporate tools, but work devices aren't solely used for work purposes [and vice versa]. This blending of data puts the onus on organizations to ensure that employees understand what constitutes 'good' cyber-security hygiene and are equipped with the skills to demonstrate it." An estimated 1,200 U.S. employees took part in the research.