Why Most Employees Fail at Basic Cybersecurity

More company leaders now understand that cybersecurity training is essential for keeping their businesses safer from attacks. However, a recent study suggests that providing such education for workers may not be sufficient.

Among the main findings was that 69% of people polled said they received cybersecurity training from their workplaces. However, 61% of those respondents failed a basic security quiz. Those outcomes suggest there are some educational challenges to overcome. Here are other issues confirmed by the study, plus some possibilities for fixing them.

Only 8% of Those Surveyed Knew Document Protection Steps

The cybersecurity quiz given to people in the survey contained seven questions, spanning USB drives to ransomware. A breakdown of how many people answered each question correctly showed that they had the most knowledge of laptop security.

However, just 8% of people knew the right actions to take to keep a document safe. Considering how many businesses receive documents with sensitive information, that could be a worthwhile topic to cover in future training sessions. It’s best to teach people how to encrypt their files and why.

Room for Improvement Exists in Email Security

The survey respondents also weighed in about some of the cybersecurity practices their employers make them follow. For example, three-quarters of organizations require people to periodically change their passwords. However, the results also showed that 73% of people do not use a password manager.

Since research elsewhere shows that one in every 131 emails has malware, cybersecurity training should ideally educate people about recognizing and reporting it. For example, going over some of the telltale malware signs and emphasizing that cybercriminals often capitalize on urgency are good starting points.

Most People Still Work on Public Wi-Fi Connections

Part of the survey covered the differences in people’s behaviors based on whether they had received cybersecurity training from their workplaces. For example, 48% of trained people use encryption compared to 28% of people without cybersecurity education.

There was a less prominent gap in the percentages of trained versus untrained employees who used public Wi-Fi connections while working. Interestingly, 60% of people with training engaged in that activity, but the figure fell to 52% among employees without training. Public Wi-Fi is a convenience, but it carries known risks that could damage a business. If employees must use it, relying on a VPN is one option to make it more secure.

Worker Location Influences Perceived Safety

A recent PwC survey indicated that 83% of employers and 71% of those in the United States felt working at home during COVID-19 was a successful venture. Going back to the cybersecurity study, it showed that 63% of on-site workers and 51% of remote employees felt safe from online threats.

Moreover, remote workers generally engaged in better cybersecurity habits than their in-office counterparts. For example, 49% of remote workers protected their laptops with encryption, while 32% of office workers did that. Also, 32% of remote workers reported using password managers versus 20% of office employees. Those differences could indicate the need to get the workforce on the same page about cybersecurity best practices, regardless of their work locations.

Workers Want to See Cybersecurity Training Improvements

The last main section of the cybersecurity study asked workers how their employers could make training better. Most (52%) wanted the content to have simpler, less technical language. Making progress with that might mean teaching the content through real-life scenarios that people can quickly understand through their previous experiences. Another 50% of respondents wanted training that was more fun. Adding interactive, game-inspired elements could help achieve that.

Training session length was another concern brought up in the research. The results showed that 38% of people preferred shorter training periods rather than long ones. Since 12% said training was boring no matter how employers presented it, workplaces may need major overhauls to reshape that perspective.

Cybersecurity Training Still Makes Sense

Many of the findings in this survey confirmed that people with cybersecurity training more often engage in best practices than those without it. Thus, cybersecurity professionals and business owners should not consider doing away with teaching employees about staying safe online.

The smarter shift to make is one where cybersecurity training becomes more effective. That may mean covering certain topics in more depth, breaking the content down into more manageable modules or changing the material’s format. Giving people short, low-pressure quizzes about what they’ve recently learned can also be an excellent way to gauge their comprehension of the concepts.

