With thanks to all who participated, here are your responses to my latest Weekend Poll (WP) question … How prepared are you to avoid getting caught in a web of cyber breaches? This is the third consecutive year I’ve asked readers about your cybersecurity education and password practices. Here are the results.
63% aren’t confident you know enough
I asked readers how well informed you are on cybersecurity, and gave a three-point scale from which to choose. Six percent of respondents reported having limited or no cybersecurity knowledge (a “1” rating). At the other end of the spectrum, almost 31% selected a “3” rating, representing a high level of knowledge and preparation.
Almost two thirds of respondents (63%) found themselves landing in the middle, reporting that they have some insights but are not confident they know enough. Even if it’s concerning that people think they don’t know enough, that acknowledgement is a good sign that people aren’t taking cyber risks lightly.
Why should you care?
Let’s start with this statement I’ve offered before: When it comes to cybersecurity, there are three types of organisations. There are those that have been hacked, those that will be hacked … and those that have been hacked but haven’t yet realised it.
In this particular poll, 37% of respondents reported being aware of cybersecurity breaches at their workplace. On the home front, the number declined to 14% of respondents who are aware of cyber breaches on their personal devices.
… and you do care; many are quite concerned
Fifty-three percent of respondents understand that it’s an issue in the workplace but believe that appropriate measures are taken. The remainder, 47%, are very concerned about cybersecurity at the office.
The numbers shift a bit when it comes to cybersecurity in one’s personal life. Six percent of respondents reported that they’re not concerned. Another 40% acknowledge that it’s an issue, but believe they’re taking appropriate measures. More than half, 54%, report that they’re very concerned about personal cybersecurity.
How’s that workplace education going?
The nature of cybersecurity attacks continues to evolve, and so it’s important that people don’t treat cybersecurity training as a one-off event. I asked readers who do receive such workplace training how long it’s been since your last such communication or session. For 10% of respondents, employers make cybersecurity educational resources or modules available online; it’s up to employees to then access them.
For 21% of respondents, such communications have occurred within the last month – and, for another 17%, within the last quarter. How frequently do you think employers would ideally make information or reminders available to employees? Check out the data below and you’ll see that, for 31% of respondents, it’s been more than half a year … and that includes 21% of respondents who last received communications or education on cybersecurity more than a year ago!
What about external education?
Twenty-eight percent of respondents reported having independently attended externally-hosted cybersecurity presentations or sessions. Another eight percent reported that their externally provided cybersecurity PD is limited to what I’ve presented or written on the topic.
Passwords or pass phrases
When I present on cybersecurity, as I’ll be doing at IAAP Summit 2019 in National Harbor later this week, I make a point of encouraging assistants to consider using pass phrases rather than passwords. When you’re asked to come up with a new password, you may find it easier to remember a meaningful phrase … which can also be more difficult for hackers to figure out.
A full 53% of respondents reported that you rely on passwords, while 6% use pass phrases. A significant percentage of respondents, 41%, use both.
Unlocking multiple doors
… that’s what we can do, relatively speaking, when we use the same password or phrase for more than one log-in or account. Yet, 47% of respondents reported that they do just this.
In fairness, that’s not awfully surprising. Consider how many different accounts we log in to on a daily basis, and the number of passwords of which we need to keep track. Almost half the respondents, 46%, reported using three or fewer passwords in the office.
In fact, 77% of respondents use five or fewer passwords in the office. Nine percent use distinct passwords or phrases for each business-related login.
Keeping track of multiple passwords
The majority of respondents (58%) reported relying on anywhere from three to 10 different passwords and phrases between business and personal use. Another 12% reported using somewhere between 11 and 24. Almost a third, 30%, make even more of a point of using distinct passwords – and rely on more than two dozen different ones.
How do you keep track of so many? Only 6% of respondents reported using apps to store business passwords, while 3% use apps for their personal passwords. I’ll be sharing more info about apps in a future post, but those readers who use them reported relying on Apple Pass and LastPass. Others store their passwords in a Notes screen on their smartphone, or in a password-protected Excel file.
I asked whether readers keep lists of their passwords or phrases. A full 42% said this isn’t the case. What about the rest of you? Well, 33% keep lists stored on their computers. Another 25% have handwritten lists. Twenty-two percent of respondents secure those lists under lock and key. Don’t broadcast this, but a very small percentage of respondents reported maintaining handwritten lists without locking them away. I’m sure those lists are well concealed, but it would be wise to reconsider this practice.
Want to learn more? Have a look at the data, below.
THE DATA
About these results: Information below reflects the percentage of respondents who selected specific responses from multiple choice options.
1. On a scale of 1 (limited or no knowledge) to 3 (high level of knowledge and preparedness), how well informed are you about cybersecurity?
- 1 (limited/no knowledge): 6% of respondents
- 2 (some insights, but not confident I know enough): 63% of respondents
- 3 (high level of knowledge and preparedness): 31% of respondents
2. Have you received cybersecurity education/training at your workplace?
- Yes: 75% of respondents
- No: 25% of respondents
3. If you have received cybersecurity education/training at your workplace, when was the last such communication or session?
- Modules or resources are online, and it’s up to us to access them: 10% of respondents
- Within the last month: 21% of respondents
- Within the last quarter: 17% of respondents
- Within the last half year: 21% of respondents
- Within the last year: 10% of respondents
- More than a year ago: 21% of respondents
4. Have you attended any external presentations/sessions on cybersecurity?
- Yes: 28% of respondents
- No: 72% of respondents
5. Have you undertaken any independent study/professional development related to cybersecurity?
- Yes: 22% of respondents
- My cybersecurity PD is limited to what Shelagh’s presented or written on the topic: 8% of respondents
- No: 70% of respondents
6. On a scale of 1 (not concerned) to 3 (very concerned), how much of an issue do you consider cybersecurity to be in the workplace?
- 1 (not concerned): 0% of respondents
- 2 (I understand it’s an issue but think we take appropriate measures): 53% of respondents
- 3 (very concerned): 47% of respondents
7. On a scale of 1 (not concerned) to 3 (very concerned), how much of an issue do you consider cybersecurity to be in your personal life?
- 1 (not concerned): 6% of respondents
- 2 (I understand it’s an issue but think I take appropriate measures): 40% of respondents
- 3 (very concerned): 54% of respondents
8. Do you generally use passwords or pass phrases?
- Passwords: 53% of respondents
- Pass phrases: 6% of respondents
- I use passwords and pass phrases: 41% of respondents
9. Do you use the same password or pass phrase for more than one log-in or account at the office?
- Yes: 47% of respondents
- No: 53% of respondents
10. How many different passwords or pass phrases do you use at the office?
- 1 password: 6% of respondents
- 2 passwords: 11% of respondents
- 3 passwords: 29% of respondents
- 4 passwords: 22% of respondents
- 5 passwords: 9% of respondents
- more than 5 passwords: 14% of respondents
- I use distinct passwords for every account or login: 9% of respondents
11. Do you change/update your passwords or pass phrases without prompting?
- Yes: 14% of respondents
- No: 47% of respondents
- Only occasionally: 39% of respondents
12. On a scale of 1 (embarrassingly obvious) to 3 (challenging), how difficult would it be to crack your passwords or pass phrases?
- 1 (they’re embarrassingly obvious): 3% of respondents
- 2 (they’re not obvious but neither are they strong): 53% of respondents
- 3 (they’re challenging): 44% of respondents
13. Between work and personal use, how many different passwords or pass phrases do you estimate you use in total?
- 1: 0% of respondents
- 2: 0% of respondents
- 3-5: 22% of respondents
- 6-10: 36% of respondents
- 11-15: 6% of respondents
- 16-24: 6% of respondents
- More than 2 dozen: 24% of respondents
- More than 3 dozen: 6% of respondents
14. Do you use a password or pass phrase management app?
- Yes – for the office: 0% of respondents
- Yes – for personal use: 3% of respondents
- Yes – for both office and personal use: 6% of respondents
- No: 91% of respondents
15. If you use a password or pass phrase management app, please ID your preferred app.
- Apple Pass
- LastPass
- iPhone Notes
- Excel (password protected)
16. Do you keep a list of passwords or pass phrases you use in your career?
- Yes, I have a handwritten list and keep it secured: 22% of respondents
- Yes, I have a handwritten list but it’s not under lock and key: 3% of respondents
- Yes, I have a list stored on my computer: 33% of respondents
- No: 42% of respondents
17. Are you aware of any cybersecurity breaches having occurred at your workplace?
- Yes: 37% of respondents
- No: 63% of respondents
18. Have you encountered any cybersecurity breaches having occurred with your personal tech devices?
- Yes: 14% of respondents
- No: 86% of respondents