According to a recent study by MediaPro, a provider of privacy and security awareness training, best practices for privacy and security are still not well understood by 70% of U.S. employees.
For the study, MediaPro questioned 1,012 U.S. workers and posed them a range of questions to determine their understanding of privacy and security, whether they adhered to industry best practices, and to find out what sorts of risky behaviors they engage in. 19.7% of respondents came from the healthcare sector – the best represented industry in the study.
Respondents were scored on their overall privacy and security awareness scores, being sorted into categories as a hero, novice, or a risk to their group. 70% of respondents were categorized as a novice or danger. In 2016 when the study was conducted, 88% of U.S. workers were rated as a novice or risk.
In 2016, only 12% of respondents ranked as a hero. This year the percentage grew to 30% – a good sign that some employees have responded to training and are taking more care at work. Alarmingly, while the percentage of novices dropped from 72% last year to 51% in 2017, the number of workers classed as a risk increased from 16% in 2016 to 19% this year.
Tom Pendergast, chief strategist for security, privacy, and compliance at MediaPro explained that in the risk category, there are two areas that have been constantly poor over the past two years: Physical security and safe remote working/mobile computing. In the mobile computing category, one of the biggest dangers was connecting to insecure Wi-Fi networks. The percentage of respondents that admitted doing this grew from 45% last year to 62.3% this year – overall, 19% of respondents said they use risky practices when working remotely.
The overall scores across six of the eight categories being tested improved year over year, with notable improvements in locating malware and phishing threats, reporting incidents, working from remote locations, identifying personal information and cloud computing.
The two areas where there was drop were physical security, like allowing individuals into a facility without checking identification, and social media security, like as posting personal and sensitive company information on social media accounts.
Perhaps the biggest danger faced by groups today is phishing. Phishing emails are the main method of delivering malware and ransomware and stealing sensitive information such as login credentials.
Respondents were asked about their phishing awareness and were shown four emails, which they were asked to score as legitimate or phishy. 8% of respondents were unable to recognize the phishing emails properly. Out of the phishing emails tested, the email offering a stock tip from a well-known investor tricked the most respondents. 92% of respondents were able to recognize a phishing email with a potentially dangerous attachment, up from 75% last year.