Employers face a growing disconnect with employees in terms of overall cybersecurity, creating a dangerous gap. Certainly, employers can supply employees with secured work devices and training, but they still rely on employees to exercise judgement and care in their use. Moreover, use of personal devices on company networks poses a threat that can be harder to control and involves complicated issues of privacy.
The disconnect on cybersecurity is large. Only 19% of respondents received annual training in cybersecurity from their employer. And it shows. Although a common threat to cybersecurity, more than half of employees in a recent survey did not know what credential stuffing is. And, across the board, only 31% regularly change their passwords, 30% use multi-factor authentication, and 41% use cybersecurity software (e.g., anti-virus/anti-malware), although 80% report being “somewhat” or “very” concerned about the prospect of a cyber breach.
These numbers are dismal, especially for growing small businesses, and they illustrate the importance of constant open communication about cybersecurity in businesses. But be aware of the need for consistency in messaging and beware of bias. While anecdotally younger employees are more tech savvy, objectively they are not. The same survey demonstrated a large disconnect between perception and reality when analyzing the data by age. About one-third of respondents 18-34 delete suspicious emails, a habit that typically safeguards users from phishing. In contrast, half of respondents 35-54 and over three-quarters of those over 55 delete them. Similar numbers were found when respondents were asked about other good cyber habits, like monitoring financial accounts and using cybersecurity monitoring. [Read the full report here.]
How to overcome the disconnect? Acknowledging gaps and disconnects exist will allow you to identify the problems. Then keep an open mind and create a work environment that prioritizes cybersecurity.