When it comes to cybersecurity wisdom, most workers vastly overestimate themselves, a new report from Kaspersky reveals.
Based on a survey of 12,500 Kaspersky Security Awareness Platform users, trained between January and April 2022, the report suggests that our knowledge of cybersecurity is much worse than we think and therefore vulnerable to attacks.
According to the report, 90% of employees “overestimate” their knowledge of cybersecurity basics, while “inappropriate use” of IT resources remains the most common mistake.
The study found that 83% of workers don’t know which card details shouldn’t be emailed, 73% don’t know how to check for all signs that someone has accessed their account and 70% don’t know what to do. if a newly purchased app from the Google Play Store suddenly asks for their Gmail password.
Additionally, 51% don’t know what to do if a colleague asks for their computer credentials while on a business trip.
When it comes to confidential business data, people are more vigilant. Almost everyone (99%) correctly answered the questions about the protection of this type of data. For Denis Barinov, head of Kaspersky Academy, it’s not really a surprise.
“It’s understandable that people tend to be more cautious with confidential information. This type of data, by definition, means an employee needs to be more mindful when working with it,” he said.
“At the same time, sending information by e-mail and entering passwords are part of our daily routine and, at first glance, do not present any particular risks. However, this negligence can be costly for a business, as criminals still use old methods of cybercrime, such as brute force phishing. That’s why it’s important for companies’ cybersecurity training to reveal all possible weaknesses and vulnerabilities, even in the most common day-to-day scenarios.
As most business systems today are well-protected and heavily protected by firewalls, strict password policies, antivirus and malware protection services, employees remain the strongest link. low and the best chance for each threat actor to reach a successful compromise.
That’s why it’s essential that every employee adopts sound cybersecurity practices, such as generating strong passwords, not sharing them with household members or co-workers, updating them frequently, deploying authentication to two factors, as well as connecting to corporate networks via VPN.