In a survey released by KnowBe4 in the fall of 2021, it was discovered that nearly one-half (45%) of respondents "lack the confidence necessary to identify a social engineering attack," such as phishing. They also found that only 48% of employees believe that opening a malicious link in their email app can cause infection of their mobile device. Additionally, Thycotic's Global Research Report (conducted in June 2021) found that 79% of employees engaged in risky activities in the past year.

For many, there's a direct correlation between security awareness training and the belief in threat levels. For example, those with monthly training are 34% more likely to believe opening a suspicious link or attachment can cause harm than those who receive training only once or twice a year.

Some of the most astounding findings included:

  • About a quarter of healthcare respondents told KnowBe4 they don't receive security awareness training.
  • A majority of employees surveyed by KnowBe4 are "not sure whether their employer is subject to various privacy regulations," such as FERPA, a US Department of Ed law.
  • Only 31% of KnowBe4 respondents understand and can explain email compromise to others.

There is hope, though. Compared to 2020, more survey respondents in 2021 understood social engineering threats "very well." These percentages must keep growing until they become a majority, as phishing is "one of the most common ways that hackers gain access to business networks and corporate data."

With remote work here to stay, ransomware tactics continuously advancing, and most of our identities living on the internet, there is a significant need for improvement. Too much is on the line, both professionally and personally!

"Everyone is a target, and anyone can become a victim with the simple click of an email link or opening an attachment. For many companies it is only a matter of time before they become victims," said Thycotic.

Thankfully, education and training are an ever-present aspect of our managed IT services. Here are a couple of examples of our formal and informal training:

  • With our Security Package, we provide training and tests for all client employees, as well as enable them to independently report phishing emails.
  • While we were emailing with a client, they expressed a desire to alter their company's firewall settings to allow browsing in France to plan a NYE trip. We asked if they could do the necessary browsing on a personal device, and explained that altering the settings would impact the entire office's security. Opening up the firewall to France would have increased the likelihood of harm being done to the network.
  • Whether we're on an IT services phone call with you, or at your office, we don't leave the conversation until all questions are answered and understood.

Thycotic found that a combined 83% of respondents deal with long wait times for IT services, IT processes inhibiting necessary work tasks or difficulty connecting to the VPN. At Partners Plus, we pride ourselves on easy access to our IT tech, who responds and fixes issues swiftly. A live rep answers the phone and makes our IT tech aware of the issue immediately.

Additionally, with 30 years under our belt, we are well versed in the managed IT services needs of our different clients. We are very familiar with the different software people need. We'll make sure you're able to do your job, while protected, even if that means creating complex rules within our systems. Lastly, we help you set up the VPN connection quickly, whether that's completed during the onboarding process or the morning of necessary remote work if need be.

That said, contrary to the 51% of Thycotic respondents who believe protection is solely up to the IT department, each individual employee still has to do their part! After all, due to your membership level, whether you have the Security Package or not, and good ol' free will, we can't control your every move! Here are some action steps Thycotic found most employees are not doing, but should be:

  • Utilize MFA or 2FA wherever possible.
    • We'd like to add: do NOT use SMS 2FA if other options are provided!
  • Educate your team whenever possible. Make training available and mandatory.
  • Utilize a VPN connection 100% of the time when working remotely!
  • Avoid sending company data to personal devices.
  • Utilize a password manager to avoid reusing passwords, saving login credentials to your browser, or sharing logins with unnecessary personnel.

If you have a hunch your team's security awareness is lacking, let's talk. We'll take the time to assess your company's current status, and provide action steps to increase your security. The last thing we want is employees risking your team's security simply to get their job done.


Bill Hogan is the Owner and President of Partners Plus. He has 40 years of experience in the technology industry, specifically managed IT services. Bill has spoken at seminars all over the country about network management and published his latest book in 2018. Partners Plus was selected by PHL17 as the best Computer and Information Technology Support Company in the greater Philadelphia area in 2018.