Imperial, California - According to a new study, 70% of American workers don’t grasp web security and privacy.

The majority - 70% - of US employees fail when it comes to security and privacy best practices. As we discussed a few weeks ago, employees represent the biggest threat to their company or organization’s cybersecurity; this is just further proof.

The study, the 2017 State of Privacy and Security Awareness Report, surveyed 1,012 US workers and found the vast majority lacked a basic understanding of cybersecurity or digital privacy, much less the best practices associated with them. The study was conducted by MediaPro, which claims overall things are getting better.

Here’s why MediaPro says that. The survey asked each participant a set of 31 questions and then ranked them as either “high risk,” “novice” or “hero.”

  • The number of “High Risk” employees rose from 16% to 19%
  • The number of “Novice” employees shrank from 72% to 51%
  • The number of “Hero” employees rose from 12% to 30%

Basically, at the top end of the spectrum there are more people with a high proficiency when it comes to security and privacy best practices. About half of US workers are at the “Novice” level, which implies at least an understanding of the concepts, though not necessarily the techniques to defend against threats. And then nearly one out of every five employees is an active risk to their employer. That jibes with the fact that 20% of employees would perform actions that MediaPro deems “high risk” on their social media accounts.

Despite MediaPro’s optimism about the study, I tend to be a bit more pessimistic. One of the biggest issues we face in this, the SSL industry, is a lack of consumer education. It leads to more people getting phished and it also allows the debate around the usefulness of Extended Validation SSL certificates to continue.

If more users understood the basic indicators for connection security, much less what connection security is, the internet would be a safer place. But how do we do that?

One suggestion I have is Google could use its home page to educate users. Over half of American internet users are surfing the web with Chrome. I don’t have a statistic, but I’d guess most people still have their default homepage settings. Google could use part of the real estate to help educate users. No, it’s not a cure-all. There isn’t one. But it’s a good first step towards better educating internet users about security.