Most of us in InfoSec know what it's like.
A non-stop stream of new vendor research pings the inbox. All. Day. Long.
Each study calls out, asking for some of your time.
The problem is, it's difficult to figure out which ones can actually help you secure your organization.
That's why the SecureWorld team spends so much time sifting through it all. We're looking for value to pass along.
And after looking at Wombat Security's 2018 User Risk Report, we believe it is full of relevant information about how your employees—your end-users—are behaving on your network or with their corporate-issued laptop (and devices) at home.
Wombat Security, which is now a division of Proofpoint, also reveals some serious opportunities for shoring up security awareness training because of misconceptions which non-IT security employees hold.
Behind the Scenes interview: 2018 User Risk Report
Watch/listen to our Behind the Scenes interview with Wombat Security's security awareness experts Gretel Egan and Kurt Wescoe. Be prepared for surprises as you listen. The first one? Wombat tripled the number of employees surveyed this year.
Here are just a few of the findings from the report that highlight areas where users are putting the organization at risk, even if they are on the road or at home.
- 39% of users believe the network they connect to is secure if they are in a place they trust: a coffee shop, an airport, or their hotel.
- One in four employees say they use their company-issued laptop or device at home to do things like post to social media, stream entertainment, shop online, conduct research, and even play online games.
- 66% of employees have not changed the default password on their home Wi-Fi network, and 80% have never updated the device firmware.
"Outside of work, habits are influencing an employee's security posture at the organization," says Gretel Egan, Security Awareness and Training Strategist at Wombat Security."How people use their devices and view security at home carries over into the security posture they bring to work based on what they personally understand or do not understand."
And during our Behind the Scenes interview, it came up that some of the behaviors end-users admit to could put an organization's two- factor authentication (2FA) efforts at risk. Now that is relevant information.
The study also covers things like password use (and reuse) and knowledge of threats such as ransomware.
Listen to or watch our interview, or download the 2018 User Risk Report, which is complimentary.