How Employees Put Their Company at Risk

Despite the abundance of publicity over organizations that have been hacked—Target, the U.S. Office of Personnel Management and Ashley Madison, to name just a few—workers still take part in risky device usage that could potentially expose their company to a variety of threats, according to a recent survey from CompTIA. The survey report, "Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace," reveals that a surprisingly large percentage of employees receive no cyber-security training on the job. As a result, they aren't as familiar with the dangers of malware as they should be, nor are many of them aware of proven protective measures such as two-factor authentication. Meanwhile, many employees consider their work and personal devices as one and the same—often calling up work-related data while connecting through vulnerable public WiFi networks. "The ecosystem of consumer technology is swelling, and the lines that once delineated device use are fading," the report states. "Employees use a variety of personal and corporate tools, but work devices aren't solely used for work purposes [and vice versa]. This blending of data puts the onus on organizations to ensure that employees understand what constitutes 'good' cyber-security hygiene and are equipped with the skills to demonstrate it." An estimated 1,200 U.S. employees took part in the research.