Research questions the effectiveness of cybersecurity awareness

Despite an estimated quarter of European employees falling victim to scams and phishing, 32 percent resort to using the same password for multiple systems.

A new research report from Iron Mountain makes clear that awareness of security risks does not necessarily equate to risk reduction. Even a victim of phishing and scams may continue to use the same password for multiple systems. Of the European respondents, 17 percent write down their password on a note kept on or around the desk. Exactly a quarter forget to lock their laptop when they leave it unattended.

Hybrid risks

Iron Mountain also observed a correlation between working from home and an increase in risk. About a third of employees report that they are less security-conscious when working from home than in the office. The reasons are not stated, but may have no basis in fact. It is precisely the security of endpoints outside of corporate networks that is known for risks and challenges.

Doubts about training

Finally, Iron Mountain questions the accuracy with which data managers perceive the impact of risk training. About two-thirds of data managers surveyed said that risk training is attended by 50 to 100 percent of all staff. More than one-third of employees surveyed say they have never had such training.

Iron Mountain does not clarify whether risk training has actually been offered to each of the latter employees. Moreover, the organization does not specify whether each of the employees works under one of the data managers surveyed. Scepticism is warranted. At a glance, the numbers point to a difference between the perceptions of managers and employees, but in reality, that difference is not necessarily there.