I’m all about being educated and understanding the risks involved every time you connect to the internet or access your company’s network or handle sensitive data. But can being educated actually work against cybersecurity efforts?
A study conducted by online IT training company CBT Nuggets found that overconfidence in our abilities, and in our devices, can end up resulting in identity theft. According to the survey of more than 2,000 respondents, 18 percent of those who admit to being tech savvy are more likely to become victims of identity theft. Also, more education increases your risk, with 24 percent of PhDs stating that they have been a victim of identity theft at some time, as opposed to 11 percent of high school graduates and 14 percent of those with a bachelor’s degree. Now, there could be a number of reasons for the disparity in the numbers, such as the amount of time someone with only a high school degree spends on a computer versus that of someone with an advanced degree. Also, higher-level staff are specifically targeted through spearphishing and whaling attacks.
One of the statistics I want to highlight focuses on the types of devices and operating systems we use. Are you surprised that Apple users (22 percent) are more likely to become an identity theft victim over Windows users, but that Android phone users are more likely to be hit than iPhone users? The phone issue is likely due to stricter app rules and access in Apple devices than in Android, but the Apple versus Windows statistics show that users still carry a misconception that Macs are free from cybersecurity threats.
The study also broke down how these different populations addressed security practices. For instance, PhDs again are at a higher risk of password theft because, as a group, they have the lowest percentage of unique passwords compared with those with lower degree levels. Perhaps it is not a mystery why they are also at the highest risks of identity theft. (Of course, we’ve also learned that IT staff aren’t very good about password management, either, which affirms the results of this study.) At the same time, these so-called tech savvy folks don’t seem to care much about using good security practices, as a Naked Security blog explained in discussing this study:
When asked why they didn’t follow basic security recommendations, 40 percent of respondents said they were too lazy, found it to be too inconvenient, or they didn’t really care. In fact, only a smidgen of respondents – 3.7 percent – said they follow all of the basic security requirements…Which is weird, given that 65.9 percent said that having their personal information compromised is a medium or huge risk.
Knowing about cybersecurity, understanding the risks, yet thinking that your tech smarts are enough is a recipe for a security disaster. Education and training are absolutely necessary in today’s digital landscape, but they mean nothing if we don’t practice what we’ve learned.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba