As with last year’s study, the findings of the 2018 User Risk Report are sometimes heartening, occasionally perplexing, and frequently terrifying — but always enlightening.
We found that, globally, smartphones and home WiFi networks are used by more than 90% of working adults, and 39% of respondents said they blend work and personal activities on their smartphones. Unfortunately, many of these individuals are not taking basic security measures, which is putting organizations at greater risk (particularly those that support remote and/or traveling workers).
Following are a few key areas for improvement:
- 44% of global respondents do not password-protect their home WiFi networks, and 66% have not changed the default password on their WiFi routers.
- 55% of workers who use employer-issued devices at home allow family members to use them for things like shopping online and playing games.
- 67% believe using antivirus software and keeping it up to date will stop cyberattacks from affecting their computer.
- Among working adults who do not use a password manager, more than 60% admitted to reusing passwords across multiple online accounts.
Time to Lead the Charge for User Awareness
As the User Risk Report shows, working adults around the globe still lack awareness of fundamental cybersecurity topics — including those noted above, as well as phishing, ransomware, and malware. Clearly, it’s time for infosec teams to take a hard look at how they are approaching security awareness training and to consider how deeply a lack of cybersecurity education may be hurting organizational security postures.
Quite simply, it’s dangerous to continue making assumptions about what users do and do not know about cybersecurity best practices. What you think employees should know is of little relevance if they simply don’t know it. For cybersecurity to become an ongoing priority and pursuit for your end users, security awareness training must be an ongoing priority and pursuit for your organization.
Subscribe to the Proofpoint Blog