Having wrinkles in a USB stick is certainly not great. But here\u2019s some good news: Dry cleaners are taking care of it and remove them from your clothes before processing your laundry. To strike a more serious note, a study conducted by internet security firm ESET in the United Kingdom has revealed that 22,266 USB sticks and 973 cell phones are among the various gold nuggets found by dry cleaners in dirty laundry each year. However, a staggering 45 percent of the devices never make it back to their owners.\nThese numbers are alarming but only the tip of the iceberg. The phenomenon as such is a common and global issue, far beyond the borders of the UK \u2013 and beyond dry cleaning. These gadgets are fun to have, cheap, incredibly convenient, small in size, highly mobile by nature, and enormously capable in terms of their memory capacity. Yet the common assumption that most of these devices are protected these days is a misbelief. While some of them might end up in the garbage can, others are creating headlines in the press, causing public embarrassments and all too often severe financial and reputation damages.\nA big risk for both owner and finder\nIn a 2013 report, Ernst & Young concluded that millions of cell phones and smartphones are lost or stolen every year. Over their lifespan, some 22 percent of the total number of mobile gadgets produced will disappear, and over 50 percent of these will never be retrieved. With many of these devices carrying sensitive information, these numbers are of great concern.\nIn the digital age, data is of high value, and chances are that some of these devices will be ending up in the wrong hands. While some cybercriminals are trying to market datasets in the Darknet, others are purchasing these datasets to exploit their victims in targeted campaigns.\nObviously, lost USB drives and other smart devices carry substantial risks to both the owner and the finder. Somebody who picks up a rigged drive can not only infect their own devices, but also spread malicious contents across their organization when using them at the workplace. Themes such as bring your own device (BYOD) even explicitly encourage people to do exactly that.\nHalf of people plug in USB sticks they find in a parking lot\nResearchers from University of Illinois decided to test what they call the \u201canecdotal belief,\u201d which suggests that people pick up USB sticks and plug them in, so they dropped 297 of them across the school\u2019s Urbana-Champaign campus in a field trial. The success rate in their study was between 45 and 98 percent. If there had been malware on these devices, they would have succeeded in rapidly launching a cyber-attack with the first devices communicating back home to the researchers within less than 6 minutes after they were dropped. However, while users initially connected the drive with altruistic intentions, nearly half went on and opened intriguing files \u2013 such as vacation photo \u2013 before trying to locate the drive\u2019s owner.\nA mere 16 percent of users bothered to scan the USB sticks with antivirus software before accessing the content. A mind-blowing 68 percent of the respondents took no precautions whatsoever before plugging in the drives.\nIn another experiment conducted on behalf of the Computing Technology Industry Association (CompTIA), some 200 unbranded USB sticks were placed across multiple public locations in Chicago, Cleveland, San Francisco and Washington to find out how many people would dare to do something risky. In one out of five attempts, users couldn\u2019t resist, picked up the drives and engaged in fairly dubious activities such as opening files, clicking on unfamiliar web links or sending messages to a listed email address.\nStill a long way to go\nOne would assume that in the digital era, people are more aware and cautious in terms of safeguarding data and their user behavior. However, the stats tell an entirely different story. In fact, the opposite is true.\nFindings based upon CompTIA\u2019s research also revealed:\n\n63 percent of employees use their work mobile device for personal activities.\nAge matters a great deal as far as cybersecurity awareness goes. Baby boomers, Gen X and millennials each present unique security challenges and risks to organizations.\n42 percent of millennials have had a work device infected with a virus in the past two years, compared to 32 percent across all employees.\n40 percent of millennials are tempted to pick up a USB stick found in public, compared to 22 percent of Gen X and 9 percent of baby boomers.\n27 percent of millennials have had their personal identifiable information hacked within the past two years compared to 19 percent of all employees.\n41 percent of employees do not know what two-factor authentication is.\n37 percent of employees only change their work passwords annually or sporadically.\nOnly 4 percent of respondents polled said that their first action, upon discovering their systems have been hacked, is to contact the authorities.\n\nRecommendations\nThese numbers are eye opening and clearly underline the necessity for individuals and businesses alike to take security more seriously.\nOrganizations should think along three major categories \u2013 people, processes and tools \u2013 in order to come up with a holistic, 360-degree conceptual framework of measures to combat cyber threats. This includes more emphasis on education and awareness, especially for young talent. Without regular training and rehearsals, people are otherwise likely to fall back into old behavioral patterns. Guidelines on the other hand will give people clear orientation on what to do and whom to contact \u2013 for example, in case a device has been found somewhere. The usage of security tools, especially mobile endpoint and device management solutions, is paramount. These tools typically come along with encryption, antivirus, authentication, inventory management functionality, etc., and aid in enforcing policies across the organization in an automated fashion in order to safeguard data and prevent outsiders from unauthorized access. Wherever possible, organizations should use two-factor authentication rather than solely relying on passwords.