A few months ago Intel conducted a very casual survey asking what people do when presented with certain security scenarios regarding lost laptops and “phishing.” Phishing is the fraudulent electronic communication process of attempting to acquire personal information such as bank and credit card numbers, usernames and passwords, along with other details that can be used in identity theft and more. The most common form of phishing is through email or Web sites that look exactly like legitimate messages from your bank or creditors that are attempting to gather private information.
Questions asked in the survey were:
1. Have you ever knowingly clicked on a phishing attempt? If you answered yes to the above question on the phishing attempt, why?
2. What kind of activities do you do on your business computer today that you didn’t do three years ago?
3. If your laptop gets stolen, how do you try to recover it?
4. If you lost your laptop, what data are you most worried about falling into the wrong hands?
We received just over 30 responses (which by no means is statistically valid), but it did provide a glimpse into people’s computer conduct. Here’s what we got for the responses – some more surprising than others.
Have you ever knowingly clicked on a phishing attempt? A quarter of the respondents had knowingly clicked on a phishing attempt. Reasons ranged from “the devil made me do it” to “heard about them on the news and was curious what one looked like. “ One even said they wanted to “’troubleshoot it.’” Essentially, people were curious and wanted to know what a phishing attempt was. For all of those that have yet to click on a phishing attempt, Intel very strongly recommends not to click on one!
What kind of activities do you do on your business computer today that you didn’t do three years ago? There were 24 responses to this question, and the majority of respondents pointed to social media (Twitter, Facebook, LinkedIn), which illustrates the growing importance of using caution when clicking on links from unknown sources. The second most popular response was video-based activity - like videoconferencing or creating and editing videos, as more and more employees use graphics in their day-to-day work.
If your laptop gets stolen, how do you try to recover it? Thirty-eight percent of respondents said they would call the venue to see if they had found it; while 31 percent said they would call their IT to see if the laptop had a tracking device. Twenty-one percent of respondents said they would call the police, while another 10 percent said they would check online forums to see if someone was selling it. One of the respondents commented that they didn’t have a clue on what to do if they lost their laptop. This is just one example of why it’s important to educate employees about best security practices and the appropriate steps employees should take when losing a laptop.
If you lost your laptop, what data are you most worried about falling into the wrong hands? Of the respondents, 63 percent said confidential data, followed by 16.7 percent said passwords, followed by 13.3 percent said financial information, followed by 7 percent said contacts and address book. Most respondents were concerned that their passwords would be compromised, which would give access to other personal data. Others feared loss of information about future products for work contained on their laptops. It was positive to see that a number of respondents said they utilized some type of encryption for the laptop hard drive or an external hard drive.