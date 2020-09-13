A survey by Kaspersky revealed that 90% of corporate security errors were made by users who believed they knew exactly what they were doing. Whether due to lack of knowledge or because they have a limited understanding of the attitudes to be taken, the study demonstrated that there is still a huge information gap in business structures, mainly on issues related to the protection of devices used in the home office, virtual machines and the need for operating system and software updates.

To reach these conclusions, Kaspersky used an unusual methodology in the study, not only asking questions about security, but also, questioning the interviewees about their confidence in their answers. The data was collected at the beginning of the pandemic, when the home office regime was still being implemented and many companies were trying to understand this new format, at the same time that the digital scams already had a rapid increase in effectiveness.

According to the study, employees tend to overestimate their level of knowledge about basic digital security, with 90% of the wrong answers coming with the notion that they believed they knew the answer or at least had a sense of the topic. In the overwhelming majority of cases, this lack of information and training could lead to serious problems in the use of remote work systems or a reduction in the importance, for employees, of updates and functional safety devices.

The use of virtual machines and remote systems had the highest rate, with 60% errors and 90% of respondents claiming they do not understand well how the systems work. Second were issues related to the separation between personal and work devices, with 52% of participants making mistakes related to this, but with 88% confidence that the wrong actions were being taken in the proper way.

A great distortion, also, appeared in the correct application of system updates and in the recognition of the importance of processes of this type. According to the Kaspersky study, 50% of respondents gave wrong answers in this regard, but 92% of respondents believed they were acting correctly.

“If employees don’t understand the danger of actions like storing sensitive documents in personal stores, for example, they are unlikely to ask for help from an organization’s security or IT departments,” explains Denis Barinov, head of Kaspersky Academy and one of those responsible by the study. According to him, the research demonstrates more than a difficulty of understanding by the collaborators, but also the presence of consolidated behaviors, even more difficult to be changed than a lack of knowledge per se.

Still, security experts recommend applying training and seminars on best security practices, as well as applying processes, to ensure that risks are minimized. Preventing outdated software from accessing networks, publishing tutorials on the best device configuration and indicating the ways to use more secure passwords or identification of fraudulent communications and malware are good ways to ensure greater peace of mind regarding data and work routine.

Source: Kaspersky