Reposted from BetaNews
A survey of more than 400 full-time employees in the US shows that, despite having a general understanding of security risks, people still tend towards unsafe behavior.
The study by Spanning Cloud Apps finds many are under-prepared for the increasing sophistication and instance of ransomware and phishing attacks. More than half (55 percent) admit to clicking links they don't recognize, 59 percent say they would allow a colleague to use their work computer and 34 percent are unable to identify an insecure eCommerce site.
Recognition of of unfamiliar URLs from popular sites like Facebook and the New York Times, along with aversion towards potential malicious links, such as bit.ly, is generally high, with 87 percent of respondents demonstrating caution around these URLs. However, 13 percent of employees still do click on short URLs.
More than 52 percent of all employees and 62 percent of admin holders polled say they shop online from their work computer. But when presented with an example of an insecure eCommerce browser window, only 34 percent of employees responded that they felt the site was secure. Under half (49 percent) of all employees polled who indicated the site was insecure were able to correctly identify a broken padlock as being the key indicator of an unsafe site. In addition only 36 percent of all employees correctly identified a suspicious link as being the key indicator of a phishing email.
"While we are encouraged to see that employees are becoming more risk averse, and most can identify unsecure sites or phishing emails, these results show that there is still a concerning gap between what users say they understand and how they actually behave," says Mat Hamlin, VP of Products at Spanning.
"Organizations need to improve security awareness and training while still preparing for the worst, which is why backup of all critical data, including SaaS, is more important than ever, especially considering that 25 percent of these survey respondents indicated they have lost data in G Suite or Microsoft Office 365 in the past."
See Original Post