During Covid-19, cyber attacks have been increasing dramatically. Which lead a lot of companies to invest in cybersecurity training. However, is that investment paying off? A new report suggest that it doesn’t.
A survey conducted by TalentLMS and Kenna Security showed that while 59% of employees received cybersecurity training from their companies in response to the COVID-19 outbreak, these initiatives may have been insufficient. In fact, of employees who received training, 61% failed a basic test afterwards. On the other hand, the survey also showed that employees are usually knowledgeable when it comes to laptop security, but not really aware about how to secure sensitive data and recognize harmful files – a combination which surely causes nightmare to data protection experts.
Some of the key findings of the report include:
- 59% of employees were trained on cybersecurity as a response to the work-from-home shift caused by COVID-19
- Having a cybersecurity training program in place isn’t enough to ensure cyber safety: 61% of employees who have received cybersecurity training failed a basic test
- Surprisingly, the highest fail rates were reported in the following two industries: Information services and data (83% of employees failed) and Software (73% of employees failed)
- 74% of respondents who answered all seven test questions incorrectly said they feel safe from cybersecurity threats
- 33% of employees store their passwords in their browsers, even though that puts network security at risk
- Remote employees collectively feel less safe from threats (63%), than office employees (51%)
On the positive side, the surve also showed that training had a good effect on some aspects of employees’ cybersecurity habits, for example when it comes to protecting their computers and passwords, these effects are not consistent across all areas. This brings to light some of the “blind spots” of cybersecurity training programs, which, if left unaddressed, create vulnerabilities that expose employees and their companies to cyber risks and attacks.
The elephant in the room here is the question how cybersecurity trainings can be made more effective. The employees surely had an idea: 52% of employees said they would like training to be presented in a simpler and less technical way, while 50% would like it to be more fun and gamified.
Vito Kritakis, CISO at employee training platform TalentLMS, points to another interesting result of the survey: “This survey revealed an interesting paradox — that office employees feel safer from cybersecurity threats than remote ones, and yet, they have much worse security habits. These bad habits have to do with password management, laptop encryption, and the use of personal devices. Ensuring employees have good habits in these areas should be part of a company’s basic security policies and procedures.
In addition to the finding that office employees feel safer from cybersecurity threats than their remote colleagues — despite having worse security habits, we can add this: companies tend to be less concerned about the habits of their office employees, than those of their remote employees. But the reality is that employers should not neglect security just because their staff is in an office environment. The quiz results showed that office workers have many blind spots when it comes to cyber safety, perhaps even more than remote workers.”
The survey definitely shows that the importance of cybersecurity cannot be underestimated. Additionally, it proves those companies wrong who think that remote work is per se less secure than working in the office – at least when it comes to the mindset of their employees.