When it comes to cybersecurity wisdom, most workers overrate themselves significantly, a new report from Kaspersky reveals.
Based on a survey of 12,500 Kaspersky Security Awareness Platform users, trained between January and April 2022, the report suggests our knowledge of cybersecurity is a lot worse than we think, and we’re susceptible to attacks as a result.
According to the report, 90% of employees “overestimate” their knowledge in cybersecurity basics, while “inappropriate usage” of IT resources remains the most common mistake.
Common mistakes
The study revealed that 83% of workers don’t know what card details shouldn’t be sent over email, 73% don’t know how to check all signs showing someone accessed their account, and 70% don’t know what to do if a newly bought app from the Google Play store suddenly asks for their Gmail password.
Furthermore, 51% don’t know what to do if a colleague asks for their computer credentials while they’re on a business trip.
When it comes to confidential corporate data, people are more vigilant. Almost everyone (99%) answered correctly the questions about protecting this type of data. For Denis Barinov, Head of Kaspersky Academy, this isn’t much of a surprise.
“It is understandable that people tend to be more careful with confidential information. This kind of data, by definition, implies that an employee must be more attentive while working with it,” he said.
“At the same time, sending information via email and entering passwords are part of our everyday routine and, at first sight, don’t pose any special risks. However, this negligence can be costly for a company, as criminals still employ old methods of cybercrime, such as the brute force of phishing. That is why it is important that corporate cybersecurity training uncovers all possible weaknesses and vulnerabilities even in most common everyday scenarios.”
As most corporate systems nowadays are well-guarded and heavily defended with firewalls, tough password policies, antivirus, and malware protection services, the employees remain the weakest link, and every threat actor’s best chance at a successful compromise.
That is why it is essential for every employee to adopt healthy cybersecurity practices, such as generating strong passwords, not sharing them with household members or co-workers, updating them frequently, deploying two-factor authentication, as well as connecting to corporate networks via VPN.