An alarming new report from CompTIA shows that people do not have the common sense to avoid connecting a USB stick that they accidentally found on their way, exposing themselves to a whole host of unknown threats.
The report is based on a survey surveyed across US 1.200 full-time workers and concerned practices for their own safety and the safety of their employer.
Παρά το γεγονός ότι παρόμοιες έρευνες έχουν ανατεθεί από πολλές άλλες εταιρείες ασφάλειας information technologyς, η τελευταία συνοδεύτηκε από ένα ενδιαφέρον κοινωνικό πείραμα.
According to the report, 200 USB sticks left in public view, in four US cities with headquarters of high-end companies: Chicago, Cleveland, San Francisco and Washington.
One in five people got the USB and then connected it to his computer
The survey showed that: 17% of people who found their USB were curious and so blindly connected with their computer, ignoring any common sense that might well be a computer virus carrier.
The Appliances USB που χρησιμοποιήθηκαν στο πείραμα περιείχαν ένα αρχείο κειμένου το οποίο ζητούσε από το χρήστη να στείλει ένα μήνυμα ηλεκτρονικού ταχυδρομείου σε μια συγκεκριμένη διεύθυνση, ή να κάνει κλικ μέσα από ένα trackable URL.
This allowed on CompTIA know directly how many people connected the USB and childishly followed the file's instructions.
Modern workers have no common sense or have no training on security issues
Among strange and inexperienced users there were employees at San Francisco International Airport and multinational companies.
Some strange cases about how people think, were that some users who connected the USB then sent a message to the file's email address asking if the USB drive they found contained viruses !!!!!
In addition to the social experiment, the report also asked a questionnaire to 1.200 employees. Some of the most interesting finds are:
- 63% of employees admitted to using their smartphone in their work for personal activities
- Το 94% των εργαζομένων συνδέει φορητούς υπολογιστές και mobile phones σε δημόσια Wi-Fi networks
- 49% of employees have at least 10 connections on websites (logins)
- 34% of employees have at least 10 unique sitelinks
- 37% of employees only change their passwords once a year
- 41% of employees do not know what the identity of two factors is
- 19% of employees had personally identifiable information that was violated in the last 2 years
- 45% of employees do not receive any cyber security training from employers
- 57% of employees use paid anti-virus software
For more details and interesting ideas, you can view the full CompTIA report entitled: Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace
