A survey conducted late last year by cybersecurity firm Sophos produced several scary findings - including that many people giving cybersecurity advice may be woefully unqualified to do so.

The survey, which polled 1,250 individuals in the US, UK, Germany, Austria and Switzerland, found that while about half of all of the people surveyed were not familiar with email phishing scams, or perceived such attacks as a minimal threat, 55 percent of those surveyed said that they advise someone else on matters related to data security.

Think about that for a moment. There are people who are not familiar with phishing, or who do not perceive it to be a significant risk, who are providing cybersecurity advice to other people. Contrast these advice givers' perception with reality - nearly all major breaches begin with social engineering attacks, with one recent study finding that over 90% of such attacks commence with some form of phishing (sometimes following social-media oversharing, which helps criminals craft effective spear phishing emails). Making matters worse, of the 55% who are advising other people, 25 percent were not confident that the people whom they were advising use anti-virus software, and 14 percent stated that they were not confident that the people back up their data properly either.

If this survey is accurate, there are a lot of vulnerable people out there - many of whom are likely also providing bad cybersecurity advice to other people!

What should you do?

When you need information security advice, ask someone who knows information security.

Sometimes you may have to pay - but the ounce of prevention can be worth many tons of cure.

Think about it like this: If you would not seek medical advice for a serious condition from anyone but a doctor, and would not seek legal advice for a serious legal matter from anyone but a lawyer, and would not seek help with a serious accounting issue from anyone but an accountant, why would you solicit cybersecurity advice from someone who is not properly trained and experienced? The risks are simply too great.

Published on: Jan 17, 2017
The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.