Cybersecurity survey reveals just how much users don’t know

Do you ever feel like some days people just don’t understand what you’re saying or what you do in IT? As it turns out, they probably don’t.

So say the findings of a survey conducted by Pew Research Center, which asked 1,055 adult internet users 13 questions about cybersecurity. You can take the survey yourself here.

The results aren’t pretty either, with just 1% – or ten people – getting a perfect score. If we’re being honest, we only got nine out of ten right. Specifically, the question about botnets tripped someone up. But our editorial team still did better than the average American, with 20% getting more than eight questions correct. The median was five correct answers, which is a failing score. So we think we did OK, all things considered.

Before you send users to remedial classes, here’s a breakdown of how they did in each category:

Multi-factor authentication

When asked to identify which picture was an example of multi-factor, or two-step, authentication, 10% got it right, 71% got it wrong and 18% just weren’t sure. Most security professionals recommend two-step authentication, in which the user is asked at login to prove both what they know (their password) and what they possess (an email or phone).

A spam-blocking CAPTCHA does not count; it was one of the incorrect answers survey takers chose.

Virtual Private Networks

Chances are, if you have users who telecommute, you have a VPN set up at your company. A substantial share (70%) of users don’t know what it is protecting them or the company’s data from, however. So while they’re aware of what VPNs are and what they do, maybe include training on why VPNs are useful beyond connecting to the company’s network remotely.

Wi-Fi and email encryption

The survey asked two true-or-false questions: whether Wi-Fi routers and emails are encrypted by default. Forty-five percent of users know Wi-Fi routers aren’t encrypted by default, and another 46% know emails aren’t either. That still leaves over half who either believe that encryption is a default setting or simply aren’t sure whether it is. Not keen on betting with those odds.

Phishing attempts

When it comes to phishing attempts, you want your users to not fall for the bait. When asked to identify which three statements were examples of phishing attempts, however, only 54% correctly answered “all of them.” Twenty-one percent probably answer phishing emails or click on links within suspicious emails without any alarm, while the remaining 24% aren’t sure what a phishing attempt looks like. It’s that 46% you want to focus on to make sure they’re able to correctly recognize an attempt when it matters most.

Personal protection

There’s one remaining glimmer of hope when it comes to users recognizing unsafe situations: strong passwords and public Wi-Fi. Seventy-three percent of users were able to recognize that public Wi-Fi networks, even those that require passwords, are not safe to conduct sensitive business on. Another 75% were able to identify the strongest password in a list.

The only downside is that, while users recognize the hazards of having weak passwords, the majority aren’t using strong ones. Chances are, they’re probably still conducting business over public Wi-Fi too.

Pew’s survey revealed weaknesses in user knowledge that some IT pros probably were already aware of and attempting to rectify. With all the threats to data out there, however, the battle to educate users is not one we should be prepared to lose.
