An Insane Amount Of People Failed This Common Tech Security Test

Daily Caller News Foundation logo
Steve Ambrose Contributor
Font Size:

You can usually get hilarious responses from people when they don’t quite know they are being watched. Unfortunately, you can also get some sad, dumb, and scary responses.

CompTIA, a non-profit trade association for the information technology industry, released the results from a study on employee cybersecurity Oct. 26, where nearly 20 percent of subjects picked up a random USB disk on the street, plugged them into computers, and opened up the files on the disk. (RELATED: U.S. Secrets At Risk After Ashley Madison Hack.)

USB drives are convenient for music, documents, and other files. They can also be great ways to transport viruses from one computer to another. Carelessly using an unknown USB can lead to malware or other malicious content very quickly infecting an organization’s entire computer system. (RELATED: New Russian Hacker Exploit ‘Most Significant Cyber-Espionage Threat’ To US, NATO Partners.)

From August to October, CompTIA had consumers unknowingly participate in a social experiment to observe their cybersecurity habits.

“200 unbranded USB sticks were dropped across high traffic public spaces – such as airports, coffee shops and public squares in business districts – including Chicago, Cleveland, San Francisco and Washington D.C.,” the report read. “The sticks were preprogrammed with text files prompting anyone who plugged the found USB sticks in to email a specific address or click through a trackable link.” (RELATED: US Healthcare Under Tidal Wave Of Chinese Hacking.)

After a few weeks, the data collected concluded that 17 percent of the consumers picked up the USB disk and plugged it into their computer.

The results also showed that those who fell prey to the experiment were not all technology novices without experience or exposure to cyber threats. The report identified that a number of information technology employees decided to plug-and-play with the random USB.

The report concluded that it is the younger generation, not the grandmothers and grandfathers, who are playing Russian roulette with cybersecurity. Forty percent of millennials were likely to pick up a USB stick found in public, as compared to 22 percent of Gen X and nine percent of Baby Boomers.

Todd Thibodeaux, president and chief executive officer of CompTIA, told Info Security Magazine “[w]e can’t expect employees to act securely without providing them with the knowledge and resources to do so. Employees are the first line of defense, so it’s imperative that organizations make it a priority to train all employees on cybersecurity best practices.”

In an email to the Daily Caller News Foundation, Thibodeaux outlined four steps for employers to address cybersecurity with an audience that is unfamiliar with the topic. First, create policies that define corporate security guidelines. Second, establish processes to maintain security integrity. Third, use products to assist in monitoring and protection. Finally, have individuals who are trained so that they are more cyber-aware.

The last point was the most critical for Thibodeaux. “The best security technology products and the most comprehensive policies and processes,” he said, “won’t work without appropriate human action. Spreading cybersecurity awareness, knowledge and training throughout the entire organization is essential.”

The USB experiment, however, was only one facet of the report and the rest of the results were also a little disconcerting.

According to the study, 45 percent of employees receive no cybersecurity training from their employers; only 35 percent make changing all of their login information their first response after discovering a security breach; and of employees with ten different login accounts, 66 percent do not have at least ten unique username and password combinations.

Thibodeaux told the Daily Caller News Foundation:

The results certainly drive home the point that the IT industry has recognized for some time. The person using the PC, laptop, tablet or smart phone is the weakest link in an organization’s security defense. This risk is heightened as the workforce becomes more mobile. The mobile workforce is a boon to business agility, customer engagement and employee productivity. But it’s also created a cybersecurity nightmare. Every device that employees use to conduct business – smartphones and smartwatches, tablets and laptops – is a potential security vulnerability. Companies that fail to acknowledge and address this fact face the very real risk of becoming a victim of cyber criminals and hackers.

Follow Steve Ambrose on Twitter

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact