Embed Size (px)
Citation preview
2016 STATE OF PRIVACY ANDSECURITY AWARENESS REPORT88% of Employees Lack the Basic Awareness to Stop
Preventable Privacy or Security Incidents
These individuals put their organizations at serious risk for a privacy or security incident. Such incidents can mean big trouble for an organization, including loss of consumer trust, financial and reputation damages, and more.
RISK
16%
Novices have a good understanding of the basics, but could stand to learn more. They should remember that even one wrong decision or mistake can lead to a security and/or privacy incident.
NOVICE
72%
These individuals know their stuff, including how to identify and properly dispose of personal information, recognize phishing attempts and malware, and keep information safe while working remotely.
HERO
12%
RISK 0 - 23 00.0% - 74.2%
SURVEY SCORE RANGE PERCENT RANGE
NOVICE 24 - 28 77.4% - 90.3%
SURVEY SCORE RANGE PERCENT RANGE
HERO 29 - 31 93.5% - 100%
SURVEY SCORE RANGE PERCENT RANGE
PRIVACY & SECURITY AWARENESS IQ SURVEY KEY FINDINGS
We invite you to take the survey yourself, benchmark against your peers, and figure out which risk areas may be a cause for concern.
READ ON TO LEARN MORE:
ONLY 12% OF EMPLOYEES HAVE A HIGH ENOUGH AWARENESS IQTO AVOID PREVENTABLE PRIVACY OR SECURITY INCIDENTS.
Organizations face numerous threats that compromise the security of critical information. And when risky behavior goes unchecked, many employees continue to unintentionally put their organizations' sensitive data at risk.
This survey was conducted by MediaPro to formulate a baselinePrivacy & Security Awareness IQ for organizations assessingtheir risk profiles.
?We surveyed nearly 1,000 employees, testing their know-how across eight security and privacy scenarios. What follows are
the key takeaways along with a few best practices.
These figures represent the percentage of survey respondents who showedrisky behaviors in each of the eight risk areas.
Overall, the average survey respondent achieved a NOVICE score,which still leaves organizations vulnerable to threats.
26%INCIDENT REPORTING
20%WORKING REMOTELY
19%ACCESS CONTROLS
19%IDENTIFYING PERSONAL INFORMATION
18%IDENTIFYING MALWARE WARNING SIGNS
15%CLOUD COMPUTING
14%SOCIAL MEDIA
13%IDENTIFYING PHISHING ATTEMPTS
AWARENESS OF EMPLOYEES IN 8 RISK AREAS
39%chose to discard a potential password hint in an unsecured
trash bin.
Passwords and password hints should be kept under lock and key and disposed of by shredding, or some other secure means.
BEST PRACTICE
TAKEAWAY
25%failed to recognize a sample
phishing email with a questionable “from” address and an attachment.
Only emails from trustworthy sources should be opened. Any emails with an attachment should be given extra scrutiny.
BEST PRACTICE
TAKEAWAY
thought it was acceptable to use a personal USB drive to transfer work
documents when working remotely.
Most companies do not allow employees to usea personal flash drive (personal portable mediaor even a personalcloud drive) to storebusiness information. Such information should
only be stored on secure and approved work devices.
BEST PRACTICE
TAKEAWAY
30%thought it was acceptable to post on behalf of their company, even to a personal social media account.
Posting about company matters on social media could lead to reputational damage and canbe in violation of an organization's code ofconduct. Always abide byan organization’s internalpolicipolicies when it comesto posting aboutcompany matterson social media.
BEST PRACTICE
TAKEAWAY
KEY TAKEAWAYS AND BEST PRACTICES
https://www.mediapro.com/awareness-iq
TAKE THE SURVEY NOW!
All responses are 100% anonymous.
WHAT'S YOUR PRIVACY & SECURITY AWARENESS IQ?
