A survey released by KnowBe4 in the fall of 2021 found that nearly one-half (45%) of respondents “lack the confidence necessary to identify a social engineering attack,” such as phishing. It also found that only 48% of employees believe that opening a malicious link in their email app can infect their mobile devices. Additionally, Thycotic’s Global Research Report (conducted in June 2021) found that 79% of employees engaged in risky activities in the past year.
For many, there’s a direct correlation between security awareness training and belief in the threat. For example, those with monthly training are 34% more likely to believe that opening a suspicious link or attachment can cause harm than those who receive training only once or twice a year.
Some of the most astounding findings included:
- About a quarter of healthcare respondents told KnowBe4 they don’t receive security awareness training.
- For small businesses, Thycotic found that only 20% of 1-20 person teams and 32% of 11-50 person teams received training in the past year.
- A majority of employees surveyed by KnowBe4 are “not sure whether their employer is subject to various privacy regulations,” such as FERPA, a US Department of Education law.
- Only 31% of KnowBe4 respondents understand and can explain email compromise to others.
There is hope, though. Compared to 2020, more survey respondents in 2021 understood social engineering threats “very well.” These percentages must keep growing until they become a majority, as phishing is “one of the most common ways that hackers gain access to business networks and corporate data.”
With remote work here to stay, ransomware tactics continuously advancing, and most of our identities living on the internet, there is a significant need for improvement. Too much is on the line, both professionally and personally!
“Everyone is a target, and anyone can become a victim with the simple click of an email link or opening an attachment. For many companies it is only a matter of time before they become victims,” said Thycotic.
Thankfully, education and training are an ever-present aspect of our managed IT services. Here are a couple of examples of our formal and informal training:
- With our Security Package, we provide training and tests for all client employees, as well as enable them to independently report phishing emails.
- While we were emailing with a client, they expressed a desire to alter their company’s firewall settings to allow browsing in France to plan an NYE trip. We asked if they could do the necessary browsing on a personal device, and explained that altering the settings would impact the entire office’s security. Opening up the firewall to France would have increased the likelihood of harm being done to the network.
- Whether we’re on an IT services phone call with you or at your office, we don’t leave the conversation until all questions are answered and understood.
Thycotic found that a combined 83% of respondents deal with long wait times for IT services, IT processes inhibiting necessary work tasks, or difficulty connecting to the VPN. At Partners Plus, we pride ourselves on easy access to an IT tech who responds and fixes issues swiftly. A live rep answers the phone and makes our IT tech aware of the issue immediately.
Additionally, with 30 years under our belt, we are well versed in the managed IT services needs of our different clients. We are very familiar with the different software people need. We’ll make sure you’re able to do your job, while protected, even if that means creating complex rules within our systems. Lastly, we help you set up the VPN connection quickly, whether that’s completed during the onboarding process or the morning of necessary remote work if need be.
That said, contrary to the 51% of Thycotic respondents that believe protection is solely up to the IT department, each individual employee still has to do their part! After all, due to your membership level, whether you have the Security Package or not, and good ol’ free will, we can’t control your every move! Here are some action steps Thycotic found most employees are not doing but should be:
- Utilize MFA or 2FA wherever possible.
  - We’d like to add: do NOT utilize SMS 2FA if you are provided other options!
- Educate your team whenever possible. Make training available and mandatory.
- Utilize a VPN connection when working remotely 100% of the time!
- Avoid sending company data to personal devices.
- Utilize a password manager to avoid reusing passwords, saving login credentials to your browser, or sharing logins with unnecessary personnel.
If you have a hunch your team’s security awareness is lacking, let’s talk. We’ll take the time to assess your company’s current status, and provide action steps to increase your security. The last thing we want is employees risking your team’s security simply to get their job done.
Sign up for our Security Package cybersecurity training here!
About Partners Plus
Managed IT Services That Do the Work for You
Partners Plus began in 1991 as an outsourced IT department after working as the Director of Programming and a Consultant for six years. For 30+ years now, we have been 100% committed to ensuring small- and medium-sized business owners have the most reliable and professional virtual CIO in the Delaware Valley. Our dedicated team of professionals will solve your IT nightmares quickly and without confusion on your part.
Our customer-specific memberships deliver what you need without overstepping your budget boundaries. From cloud services and data backups to ransomware prevention and Dark Web monitoring, Partners Plus is here to work with you and your company to provide expert, dependable outsourced IT support and security.