A new OpenVPN survey of the cybersecurity habits of 500 US-based employees underscores what experts frequently state: your users can be your greatest security risk. Despite heightened security concern, the existence of company cybersecurity policies, and even exposure to security awareness education, users frequently put their company’s data at risk by failing to comply with best practices.
Paradoxically, the survey found that 60% of users rate “personal data compromise” as their top security concern. Yet many users still fail to follow even the most basic best practices to keep their identities and data safe.
- 25% of users use the same password for all their accounts
- Of those 25%, 81% don’t protect their mobile devices with passwords
- 23% admit they “frequently” click on links in potentially fraudulent emails before checking whether they are safe
Why is security hygiene “falling through the cracks” even though users—and their employers—are concerned about it? One reason, according to a study on cybersecurity policy by the market research firm Clutch, could be communication.
This study found employees generally follow cybersecurity best practices. But when security policy isn’t effectively communicated or employees perceive security policy interferes with their work (e.g., internet restrictions), they frequently engage in risky behavior.
According to this study, only 47% of employees were asked to formally acknowledge their company’s cybersecurity policy, and only 52% indicated their company had a cybersecurity policy in place. This indicates some employees know their company has a policy, but the company hasn’t formally explained it or made it clear that it’s important to comply with it.
Further, many employees “lacked nuanced understanding” of how their actions aligned with policy or impacted company-wide information security. This holds true despite the fact 52% of those polled receive cybersecurity policy training on an annual basis.
To connect with experts about how best to communicate security policies and procedures for real results, contact Pivot Point Security.