Random USB sticks a hazard to corporate security
Wed 28 Oct 2015
Employers must train their workers up to a higher standard with respect to cybersecurity best practices.
That’s the message delivered by non-profit IT industry association CompTIA in the wake of a survey of 1200 full-time US workers. The survey and its corresponding white paper, Cyber Secure: A Look At Employee Cybersecurity Habits In The Workplace, raised a number of issues with respect to knowledge of cybersecurity best practices, including passwords, personal accounts and usage of USB sticks.
CompTIA discovered that almost one in five people who found a random USB stick in a public place went on to use the drive in ways that posed cybersecurity threats not only to their personal devices and information, but also to those of their employer.
A social experiment was conducted by CompTIA in which 200 unbranded USB devices were left in busy public places in the areas of Chicago, Cleveland, San Francisco and Washington D.C. The experiment discovered that around a fifth of these drives were picked up and subsequently plugged into a device. The users would then open text files, click on unfamiliar web links and send messages to a listed email address.
President and CEO of CompTIA, Todd Thibodeaux, said that such actions could lead to potential trouble: “These actions may seem innocuous, but each has the potential to open the door to the very real threat of becoming the victim of a hacker or a cybercriminal.”
Mr Thibodeaux said that it is vital for organisations to train all their employees on cybersecurity practices: “We can’t expect employees to act securely without providing them with the knowledge and resources to do so.” The survey found that current training offered was somewhat lacking. 45% of respondents said that they do not receive any kind of cybersecurity training at work – among those that do, 15% said that they had to make do with only paper-based training manuals.
Without sufficient training, greater risk is posed to organisations’ online security. The survey found that out of the 94% of full-time employees who regularly connect their laptop or mobile to public Wi-Fi, 69% handle work-related data. 63% of employees were also found to use their work mobile devices for personal applications. In addition, 36% of respondents used their work email for their personal accounts.
Password security is also a key problem. The same 36% who used their work email for personal use also used their work passwords for personal accounts. The survey also found that 37% only change their work password on a sporadic or annual basis.
The results of the survey spotlighted the fact that each generation (Baby Boomers, Generation X and Millennials) presented its own security challenges and risks. But the survey found that the last category (referring to those born between 1980 and 2000) posed particular problems. 27% have had their personally identifiable information hacked in the last two years (as opposed to 19% of all employees). 42% have had their work device infected with a virus in the last two years. Going back to the earlier experiment, Millennials were the most likely category to pick up a USB stick in public (40%).
Kelly Ricker, CompTIA’s senior vice president, events and education, concluded that organisations must take extra precautions and have effective training in place for the wave of new workers coming in. “Companies cannot treat cybersecurity training as a one-and-done activity. It needs to be an ongoing initiative that stretches to all employees across the organisation.”