Study Shows Employees are Putting Their Companies at Risk

Study Shows Employees are Putting Their Companies at Risk

A recent study by CompTIA, Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace, shows that the majority of employees are unaware of how their poor security habits could leave their organizations vulnerable to major cybersecurity breaches, despite the fact that major corporations have lost millions dealing with hacker situations.

The study shows the growing gap between the amount of cybersecurity attacks and the number of employees who are trained to be highly aware of cyber threats when dealing with company devices, accounts and information.

Many organizations give their employees laptops, tablets or smartphones to work with during their time with the company. While these devices are intended for company use, nearly two-thirds of the surveyed employees admitted to using their company-assigned devices at home for personal use. Every time an employee signs into a personal account such as email, social media, entertainment platforms, etc., they open their device up to potential security threats.

Employees have also admitted to using the same, unoriginal and predictable passwords for both their personal accounts and corporate accounts. They have also admitted to sharing personal information online, such as their full name, email addresses and birth date, in exchange for “more information” or to register for a social media, entertainment or online shopping account. These questions are sometimes clues as to what a user would choose their password to be.

Perhaps the most startling find of the study deals with employees and their care-free use of USB drives. In recent years, some of the most prominent cybersecurity incidents have included USB viruses. They were popularized by “Stuxnet,” the infamous worm which the U.S. and Israel supposedly used to infiltrate Iranian nuclear centrifuges in 2010. Since then, many more attacks have included USB sticks programmed with malware that can quickly infect devices and critical infrastructure.

Even though the USB threats have been all over the news, a social experiment commissioned by CompTIA sought out to find out just how many people would trust a random USB stick. From August to October, they dropped 200 USB sticks in highly public places like airports and coffee houses in populated cities such as, Chicago, Cleveland, San Francisco and Washington D.C. The sticks were programmed to take the user to a text file with directions to a link that could be tracked or an alias email address to contact.

After only a few weeks, 17% of the USB sticks were picked up, plugged in and the user followed the directions of the text file. While the study cannot show how many people plugged the USB into their device without clicking on the link, it does show that a good percentage of people will jeopardize their devices based on curiosity. In a handful of the emails received, some asked if a virus was present on the USB, showing that some understood the risks of plugging a random USB into their computer.

The study also polled employees on what they most associated “cybersecurity” with, offering a glimpse into what risks and threats they fear most. The majority (36%), said they associate “identity theft” with cybersecurity while others listed, “hacker” or “malware.” They were also asked what they would do in the event of a breach. While 35 percent of employees said they would change their all of their account login credentials, 20 percent said they would only change the password information on the hacked account. Thirty three percent said they wouldn’t personally do anything, but they would contact their companies IT department. Four percent said they would contact the police.

These findings have brought to light the poor security hygiene of the common employee in this digital era. It shows that the majority of our workforce has not been given proper training to combat a cyber threat. The majority of workers surveyed stated that their organization doesn’t provide any form of cybersecurity education or communicate the best end-user practices.  Those that do administer training, rely on a mixture of online and in-person learning formats.

As a way to combat the lack of cybersecurity education, CompTIA has announced new programs aimed at raising awareness in the workplace, on the road and at home. Visit www.comptia.org for more information on these programs and remember to ask yourself, “Am I being cyber smart?”

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.