Found an abandoned USB drive on the street? Don’t pick it up
In one in five instances in a survey done by trade association COMPITA, abandoned USB drives were picked up and connected to a device and the files searched and links clicked on.tech Updated: Oct 27, 2015 15:10 IST
The chances are that if you find a penny and pick it up, there’s still an all-day possibility of good fortune. However, the same cannot be said of an abandoned flash drive. Pick one of those up and there’s an all-day risk of falling prey to some form of cybercrime.
To highlight how easy it is to completely expose one’s digital life, simply via misplaced altruism, the US IT Industry Trade Association -- CompTIA -- conducted a social experiment. It left 200 unbranded USB flash drives in busy areas in Chicago, Cleveland, San Francisco and Washington DC to see what would happen. In one in five instances, the drive was picked up and connected to a device and the files searched and links clicked on.
“These actions may seem innocuous, but each has the potential to open the door to the very real threat of becoming the victim of a hacker or a cybercriminal,” said Todd Thibodeaux, president and CEO, CompTIA.
The study is a great way of highlighting how simple it is to fall victim to a potential cyber attack -- especially when not in a digital safety frame of mind.
But the experiment was also used to publicise a new in-depth white paper (which includes a study of 1200 full-time workers in the US) on the subject that suggests businesses as well as individuals need to take greater responsibility when it comes to cyber safety.
For example, 94% of workers said they regularly access public Wi-Fi with a company device and 69% of that number do so for conducting business.
What’s more, over 60% use their business devices for personal activities, 36% use their work email for personal correspondence, and 38% re-appropriate their work passwords for other logins.
All of which are just a small sample of the many activities exposed in the report that can lead to both personal and corporate data exposure.
“Employees are the first line of defense, so it’s imperative that organizations make it a priority to train all employees on cybersecurity best practices,” said Thibodeaux.
What this means is that businesses should approach cyber security training and awareness as an on-going exercise that continually informs and educates workers and teaches lessons they can apply at home.
“We can’t expect employees to act securely without providing them with the knowledge and resources to do so,” said Thibodeaux.