Nearly one in five people who found a random USB stick in a public place picked up the device and plugged it into their personal or work device, a recent survey conducted on behalf of CompTIA revealed. This behavior poses significant risks not only to individuals but also corporate IT systems.
With the cybersecurity threat landscape facing companies becoming increasingly complex, employees who practice unsafe cybersecurity habits put both themselves and their employer at risk. According to a CompTIA-commissioned survey of 1,200 full-time workers across the U.S., 45 percent say they do not receive any form of cybersecurity training at work. Among companies that do administer cybersecurity training, 15 percent still rely on paper-based training manuals.
The survey and corresponding whitepaper, Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace, examines technology use, security habits and level of cybersecurity awareness of workers.
Along with the survey, CompTIA commissioned a social experiment to observe first-hand cybersecurity habits. In the experiment, 200 unbranded USB flash drives were left in high-traffic, public locations in Chicago, Cleveland, San Francisco and Washington, D.C. In about one in five instances, the flash drives were picked up and plugged into a device. Users then proceeded to engage in several potentially risky behaviors: opening text files, clicking on unfamiliar web links, or sending messages to a listed email address.
NBC 5 in Chicago recently covered the results of the survey and and social experiment and reported on the findings in this news piece.
In an effort to better educate employees in the workforce on cybersecurity awareness and prevention CompTIA has introduced CompTIA CyberSecure, a self-paced, online course designed to educate everyone in the workplace – from the front desk receptionist to the company owner or chief executive – on the cybersecurity best practices that are vital to protecting the business.
The course covers six primary learning objectives:
- Protecting yourself and your company from information leaks.
- Basic categories of information security threats.
- Cultivating a safe information mindset.
- Cultivating a safe environment.
- Implementing safety strategies online.
- Protecting data and networks.
Each category delivers results-driven behavior modification training on information security in a way that’s engaging for the employee and efficient for the employer.