Companies and their workers are wide open for phishing attacks, largely because of their own ignorance, according to the 2020 User Risk Report from email security firm Proofpoint.
For instance, only 61% of those polled correctly identified the definition of phishing, leaving a large group of people who don’t know it. Even fewer — 31% — could define ransomware.
When it came to identifying key terms, millennials did worse than baby boomers and other age groups.
Boomers were able to define phishing at 66% (versus 55% who could define the term among millennials and 47% for Gen Z) and ransomware (43% for boomers, compared to 24% for millennials and 28% for Gen Zers).
However, millennials were more likely than boomers to be able to define smishing and younger people in general are more aware of vishing.
Perhaps more worrisome, the respondents are not following best practices in cybersecurity.
For instance, 90% of working adults use employer-issued devices for personal activities. And 50% allow friends and family to use these devices.
The leading personal activities for workers using company devices are:
In addition, 45% acknowledge password reuse. And over 50% do not use password-protected home wi-fi networks.
A mere 23% use a password manager and 32% manually enter a different password for every login. Also, 29% rotate between five and 10 different passwords and 16% use the same one or two passwords for all accounts.
The level of incompetence varies by country.
Of U.S. workers, 45% believe trusted locations always offer safe wifi networks. In the UK, 14% never lock their smartphones and 21% are unsure how to fully secure their home wi-fi networks.
The U.S. is above the global average for using a password manager — 40% do so. Only 15% in France can say the same thing.
U.S. respondents also lead with VPN usage, with 51% saying they having at least one installed.
Proofpoint surveyed over 3,500 working adults in the U.S., the UK, Australia, France, Germany, Japan and Spain.