Retail organizations consistently rank as some of the most popular targets for cybercriminals.
Being in the crosshairs, retail employees need to have a strong handle on cybersecurity and data privacy best practices. But do they?
We wanted to find out, so we polled 847 U.S. retail employees, asking questions across eight common security and privacy risk areas. We detail the results and provide a breakdown of each risk area in our executive summary, “Moving Beyond PCI Compliance: 2017 Privacy and Security Awareness in Retail.”
- Only 29% of respondents showed strong knowledge of security and privacy risks, meaning they’re likely well-prepared to deal with a variety of cyber threats
- 60% of respondents chose to discard a potential password hint in an unsecured trash bin
- 26% of respondents thought it was acceptable to use a personal USB drive to transfer work documents when working remotely
About the Survey
We surveyed 847 individuals employed in the retail industry from September 2016 through February 2017. We tested their knowledge across eight different risk areas, including identifying phishing attempts, safe social media use, incident reporting, and working remotely. Respondents were asked a variety of questions based on real-world scenarios, such as correctly identifying personal information and logging on to public Wi-Fi networks.
Based on their responses, we assigned each respondent to one of three risk profiles. The three risk profiles (Risk, Novice, and Hero) are based on the number of proper behaviors correctly identified. The more correct behaviors an employee can identify, the less of a privacy and security risk they represent.