Believing erroneous behavior is correct or appropriate is the most difficult mindset to correct, according to the trainers.

At the beginning of April 2020, to help businesses train their staff on cyber security skills, Kaspersky and adaptive learning firm Area9 Lyceum had launched a free course for those transitioning to wfh, covering the basics of secure remote operations.

Analysis of anonymized learning results revealed that WFH tended to overestimate the level of their knowledge of cyber security basics. In 90% of cases, when learners selected a wrong answer, they evaluated their feelings toward the given response as “I know it” or “I think I know it”.

The study also identified the most difficult learning objectives—the hardest being why virtual machines need to be used. As much as 60% of the given answers were incorrect on this matter, with 90% of respondents falling into the ‘unconscious incompetence’ category. This means that mistaken learners were still sure that they had selected the right answer or option.

Unconscious incompetence

More than half of responses (52%) to questions about why employees should use corporate IT resources (such as mail and messaging services or cloud storage) when working from home—were incorrect. Also, in 88% of cases, remote employees thought that they could explain this correctly.

Almost the same proportion of mistakes (50%) was made when answering a question about how to install software updates. In this case, a majority of 92% of those who got the answer wrong, believed they already had that required skill.

Commented Denis Barinov, Head, Kaspersky Academy: “If employees see no danger in risky actions, let’s say, in storing sensitive documents in personal storage, they are unlikely to seek advice from IT or IT Security departments. From this perspective, it’s hard to change such behavior, because a person has an established habit and may not recognize the associated risks. As a result, ‘unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training while wfh.”