Article posted: Oct 23, 2018
By Joakim Thorén, CEO
A New MediaPRO study surveying more than 1,000 employees across the United States reveals 75% of respondents pose a security risk to their organizations. Reported in Dark Reading, the survey also unveiled management team members were more likely to fall for popular phishing schemes than entry-level or mid-level employees.
MediaPRO's third annual State of Privacy and Security Awareness Report stated more people posed a security risk to their organizations in 2018 than last year and the number has nearly doubled since the initial survey in 2016. The study was based on a variety of questions that focus on real-world scenarios, such as correctly identifying personal information, logging on to public Wi-Fi networks, and spotting phishing emails. Based on the percentage of privacy- and security-aware behaviors, respondents were assigned to one of three risk profiles: risk, novice, or hero.
One of the more frightening scenarios revolved around phishing emails. The survey noted 14% of employees could not identify a phishing attack, a notable increase from 8% in 2017. And, 58% could not define business email compromise schemes. While 81% said they would report the suspected phishing email to their IT department - the correct response -- it still leaves room for phishing attacks to succeed.
Phishing attacks are those in which the perpetrator attempts to lure someone into providing information that makes it easier for the hacker to get into that user's system - such as a password or other log-in details. When users also must have a secondary means of egress into the system, such as a one-time code, physical or virtual security card or smart key, hackers have a much more difficult time.
Want to avoid phishing schemes? Security keys, cards or other means of two-factor authentication are very important, but just as important is letting users know they should NOT respond to suspicious emails and immediately report those emails to their IT departments. Never click on a questionable email or give personal or company data to questionable sources.
Organizations are under constant attack from hackers, and educating employees on security along with strong identity and access management solutions are critical to protect their mission-critical data. To learn more about how Versasec and its award-winning identity and access management solution, vSEC:CMS can help your organization improve its security, visit https://versasec.com/vsec-cms.php.