I’ve said it before, and I’ll say it again. Employees have been educated plenty on cybersecurity issues, they just haven’t been given enough reason to care:
- “While 91 percent of respondents claimed that encrypted USB drives should be mandatory, a full 58 percent of respondents confirmed that they regularly use non-encrypted USB drives
- Meanwhile, although 64 percent of organizations have a policy outlining acceptable use of USB devices, 64 percent of respondents said their employees use USB drives without obtaining advance permission to do so
- Furthermore, in yet another example of employees discarding best practices and policies, nearly half of employees lost a USB drive without notifying appropriate authorities about the incident”
These numbers are a strong indication that it’s not a lack of knowledge, it’s just easier to not follow those policies, and the consequences, if there are any, for that action, don’t outweigh the convenience.
So they will continue doing the same stuff until that equation changes.