Statistics from students of a corporate security awareness platform show that people most frequently make mistakes answering questions related to email and password usage. Tasks around these topics are in the top 5 most commonly failed by users.
The compliance of staff members remains one of the biggest concerns when it comes to cybersecurity: a recent survey of IT workers shows that inappropriate usage of IT resources by employees is the most common incident they face in their work. At the same time, 90% of employees tend to overestimate their knowledge of cybersecurity basics.
To identify the most vulnerable areas in corporate cybersecurity awareness, Kaspersky analysed the answers given by people while going through the online security awareness quiz[1]. According to the internal Kaspersky Automated Security Awareness Platform data, the most difficult question - with 83% of wrong answers - is asking what card details shouldn’t be emailed. The remaining four of the five most frequent wrongly answered questions consist of tasks regarding email interaction and password usage:
- Check all signs showing that someone has accessed your account. (73% answered incorrectly);
- You buy an app from the Google Play store and the system suddenly asks you to enter your Gmail email password. What should you do? (70% answered incorrectly);
- Fraudsters have hacked your friend's email. He will not restore access to the mailbox, claiming that he has not used it for many years and does not store any important information there. Explain why access still needs to be restored. (70% answered incorrectly);
- You are on a business trip, and your Internet access is unstable. While you are in another city, a colleague urgently needs a document that can only be accessed from your work account. This colleague asks you for a password from your computer. What should you do? (51% answered incorrectly).
Users show more vigilance when it comes to confidential corporate data. 99% of people correctly answered the questions devoted to sensitive information leakage or if a person with access to confidential documents leaves the company.
“It is understandable that people tend to be more careful with confidential information. This kind of data, by definition, implies that an employee must be more attentive while working with it. At the same time, sending information via email and entering passwords are part of our everyday routine and, at first sight, don’t pose any special risks. However, this negligence can be costly for a company, as criminals still employ old methods of cybercrime, such as the brute force of phishing. That is why it is important that corporate cybersecurity training uncovers all possible weaknesses and vulnerabilities even in most common everyday scenarios.” - comments Denis Barinov, Head of Kaspersky Academy.
To help companies refresh their employees’ cybersecurity knowledge around the essential parts of their work and personal interactions, Kaspersky has introduced a free online course on social media. As cybercriminals relish the opportunity to use social networks to obtain the information they need to carry out attacks against ordinary users and their employers, the course will teach staff how to avoid becoming a victim of social media scams. To benefit from training on safeguarding your online life, learn which information you should avoid sharing via the Internet, and how to avoid social engineering, please visit our website.
[1] Statistics are based on the results of 12 500 Kaspersky Security Awareness Platform users, trained between January – April 2022.