An alarming new report from CompTIA shows that people do not have the common sense to avoid connecting a USB stick that they accidentally found on their way, exposing themselves to a whole host of unknown threats.
The report is based on a survey surveyed across US 1.200 full-time workers and concerned practices for their own safety and the safety of their employer.
Although similar research has been commissioned by many other IT security companies, the latter has been accompanied by an interesting social experiment.
According to the report, 200 USB sticks left in public view, in four US cities with headquarters of high-end companies: Chicago, Cleveland, San Francisco and Washington.
One in five people got the USB and then connected it to his computer
The survey showed that: 17% of people who found their USB were curious and so blindly connected with their computer, ignoring any common sense that might well be a computer virus carrier.
The USB devices used in the experiment contained a text file that asked the user to send an e-mail to a specific address, or to click through a trackable URL.
This allowed on CompTIA know directly how many people connected the USB and childishly followed the file's instructions.
Modern workers have no common sense or have no training on security issues
Among strange and inexperienced users there were employees at San Francisco International Airport and multinational companies.
Some strange cases about how people think, were that some users who connected the USB then sent a message to the file's email address asking if the USB drive they found contained viruses !!!!!
In addition to the social experiment, the report also asked a questionnaire to 1.200 employees. Some of the most interesting finds are:
- 63% of employees admitted to using their smartphone in their work for personal activities
- 94% of employees connect laptops and cell phones to public Wi-Fi networks
- 49% of employees have at least 10 links to websites (logins)
- 34% of employees have at least 10 unique sitelinks
- 37% of employees only change their passwords once a year
- 41% of employees do not know what the identity of two factors is
- 19% of employees had personally identifiable information that was violated in the last 2 years
- 45% of employees do not receive any cyber security training from employers
- 57% of employees use paid anti-virus software
For more details and interesting ideas, you can view the full CompTIA report entitled: Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace