Would Your Employees Pass This Simple Cybersecurity Test?

September 13, 2016

4:00 pm

In 2015, everyday citizens found hundreds of unbranded USB sticks in airports and coffee shops across four major cities (Chicago, Cleveland, San Francisco, and Washington D.C.). Letting their curiosity get the best of them, 17% of these people took the USBs and plugged them into their devices.

Without knowing it, they had failed an important cybersecurity test. The USB sticks had been planted by CompTIA as part of an experiment to observe consumers’ cybersecurity habits.  


This raises an important question all startup owners should ask: Would my employees pass this test?

Your Employees Would Probably Fail

If you think your employees are tech-savvy enough to avoid falling into this trap, think again. After studying their own experiment, CompTIA found that a consumer’s technology literacy was not a determining factor in whether or not they picked up the USB stick.

At the San Francisco International Airport, a number of IT workers found and plugged the sticks into their devices. Amazingly, someone from the security office of a large multinational corporation also found a stick and plugged it in.

Trusting unknown USBs, and unprotected Wi-Fi networks, endangers not only individuals, but also their companies. Poor cybersecurity habits can provide an opening for hackers or cybercriminals to get onto a server, and access valuable information. This goes beyond just USB usage; CompTIA found that many people have extremely poor tech habits when it comes to security and vulnerabilities.

These findings suggest, unfortunately, that employers’ biggest security threat may be their employees’ IT habits.

Employees Are Security Risks

In the era of email and file-sharing apps, why are so many employees using USB drives at all? More than half (58%) of employees rely on USB drives to transfer files from device to device, while many more advanced, convenient ways to digitally transfer data sit unused.

In fact, CompTIA found:

  • 35% of employees have borrowed someone else’s USB to transfer a file
  • 22% of employees would hypothetically pick up a USB stick they found in public
  • 84% of those who would pick up a USB stick found in public said they would plug it into one of their own devices

In addition to all that, sixty-three percent of employees use work mobile devices for personal activities, and 94% of employees connect their laptops and mobile devices to public Wi-Fi networks. More than 40% of employees did not know what two-factor authentication was, and 37% only changed their work passwords annually or sporadically.

How Do You Solve Bad Tech Habits?

A huge piece of the puzzle explaining why many employees open themselves up to cybersecurity problems is a lack of training. Nearly half (45%) of employees report they never received any form of cybersecurity education from their organizations.

Companies need to first understand how their employees’ tech habits may expose them to vulnerabilities – and then, teach their employees how to break those bad tech habits.

Here are some ways you can improve your employees’ habits, and make your company more secure:

Conduct Regular, Ongoing Training

Cybersecurity education must go beyond a simple security policy and an orientation session for new employees. As technology continues to evolve, threats evolve. Training must be ongoing to keep employees up-to-date, to reinforce the importance of cybersecurity, and to change employees’ habits.

Send Out Security Tips

If your organization has a security policy (and it should), it’s likely a large document that your employees skimmed through once, then set aside. A security policy is important to have, but it’s not the best way to educate employees about best practices. Send out security tips in bite-sized tidbits, which are easier for employees to absorb.

Test Employees

After employees have been trained on a particular security protocol or best practice, test them on it. Plant a USB in the office break room, and see how employees respond to it. Call an employee with access to sensitive information, and try to get them to bypass your company’s security protocols.

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Eric is the founder and CEO for Sentek Global. He’s a former U.S. Navy SEAL Commander who graduated from San Jose State University with a Bachelor of Science in Molecular Biology and holds an MBA from Anderson Graduate School of Management (UCLA).