You can usually get hilarious responses from people when they don’t quite know they are being watched. Unfortunately, you can also get some sad, dumb, and scary responses.
USB drives, which are convenient for transferring music, documents, and other files, can also be great ways to transport viruses from one computer to another. Carelessly plugging in an unknown USB drive can introduce malware or other malicious content that quickly infects an organization’s entire computer system.
From August to October, CompTIA had consumers unknowingly participate in a social experiment to observe their cybersecurity habits. According to the report:
200 unbranded USB sticks were dropped across high traffic public spaces – such as airports, coffee shops and public squares in business districts – including Chicago, Cleveland, San Francisco and Washington D.C. The sticks were preprogrammed with text files prompting anyone who plugged the found USB sticks in to email a specific address or click through a trackable link.
After a few weeks, the collected data showed that 17% of passersby picked up the USB disk and plugged it into their computer.
The results also showed that those who fell prey to the experiment were not all technology novices without experience or exposure to cyber threats. The report identified that a number of information technology employees decided to plug-and-play with the random USB.
The report concluded that it is the younger generation, not our grandmothers and grandfathers, that is playing Russian roulette with cybersecurity. Forty percent of Millennials were likely to pick up a USB stick found in public, as compared with 22% of Gen X and 9% of Baby Boomers.
Todd Thibodeaux, president and chief executive officer of CompTIA, told Info Security Magazine:
We can’t expect employees to act securely without providing them with the knowledge and resources to do so. Employees are the first line of defense, so it’s imperative that organizations make it a priority to train all employees on best practices.
In an email to the Daily Caller News Foundation, Thibodeaux outlined four steps for employers to address cybersecurity with an audience that is unfamiliar with the topic. First, create policies that define corporate security guidelines. Second, establish processes to maintain security integrity. Third, use products to assist in monitoring and protection. Finally, have individuals who are trained so that they are more cyber-aware.
The last point was the most critical for Thibodeaux. “The best security technology products and the most comprehensive policies and processes,” he said, “won’t work without appropriate human action. Spreading cybersecurity awareness, knowledge and training throughout the entire organization is essential.”
The USB experiment, however, was only one facet of the report and the rest of the results were also a little disconcerting.
According to the study, 45% of employees receive no cybersecurity training from their employers; only 35% make changing all of their login information their first response after discovering a security breach; and of employees with ten different login accounts, 66% do not have at least ten unique username and password combinations.
Thibodeaux told the Daily Caller News Foundation:
The results certainly drive home the point that the IT industry has recognized for some time. The person using the PC, laptop, tablet or smart phone is the weakest link in an organization’s security defense. This risk is heightened as the workforce becomes more mobile. The mobile workforce is a boon to business agility, customer engagement and employee productivity. But it’s also created a cybersecurity nightmare. Every device that employees use to conduct business – smartphones and smartwatches, tablets and laptops – is a potential security vulnerability. Companies that fail to acknowledge and address this fact face the very real risk of becoming a victim of cyber criminals and hackers.
This report, by Steve Ambrose, was cross-posted by arrangement with the Daily Caller News Foundation.