There’s a lot of room for improvement when it comes to educating employees about cybersecurity. Case in point: the cybersecurity awareness training firm KnowBe4’s State of Privacy and Security Awareness Report. This report details the state of employee awareness and practices, and it’s not good news for most organizations.

The report is based on feedback from 1,000 employees in small, midsize and large companies in the United States. The purpose is to determine how much cybersecurity training workers have received and how that training translates into cybersecurity awareness. The report brings some alarming findings to the surface. For instance, employees surveyed could not identify some common and potentially devastating types of cyber risks and how those risks could adversely affect their employers.

According to the report, nearly one-quarter of employees believe that clicking on suspicious links or attachments presents little or no cyber risk. In reality, luring users into such clicks is one of the most common and effective strategies for cybercriminals. Similarly, fewer than a third of respondents said that allowing family members and friends to use work devices outside of work hours is risky or presents serious risks. In reality, this practice breaks the human firewall chain and has led to breaches.

What’s perhaps the most unsettling is that many employees who work in vulnerable sectors are not savvy when it comes to these matters. The survey found that only 14% of government employees and 22% of healthcare employees can confidently describe to senior management the negative effects of cybersecurity risks. This compares with 47% and 50% in technology and finance, respectively.

At the same time, the bad actors seem to be tuned into this reality. Due to the pandemic, cybercriminals have been taking advantage of industries that have been hit the hardest, such as healthcare, municipalities, and educational facilities. These hackers also see the pandemic as an opportunity to take advantage of employees who are now working remotely on their personal devices.

According to the report, employees in government and healthcare had the least amount of knowledge of social engineering attacks. Per the report, only 15% of government employees “very well” understood the five types of social engineering threats. Think phishing, spear phishing, business email compromise, vishing, and smishing. Workers in healthcare and education reported only slightly more awareness of these risks, at 16% and 17%, respectively.

This report and others like it underscore the need for regular employee training on cybersecurity risks and best practices; company-wide cyber policies outlining expectations for employees; the right preventive tools; and the right type and amount of cyber insurance coverage.

As a business owner, do you believe that your skills, intelligence and abilities can be developed over time? Or do you believe that your talents are mostly fixed, meaning that if you’re not really good at something now, you probably won’t ever be great at it? These are critical questions to ask yourself. That’s because your mindset — how you view, interpret and act on decisions, problems and challenges in your life — can play a significant role in your success and happiness. Or it can hold you back from being the person — and business leader — you want to be.

American psychologist Carol Dweck is credited with identifying two main types of mindsets. A growth (also called learning) mindset is a belief that with hard work, desire and perseverance, most people can develop and improve their talents, abilities, and intelligence. On the other hand, those with a fixed mindset believe that a person’s talent and intelligence are more or less innate: you either have certain characteristics or you don’t. In other words, there are ‘gifted’ people and there’s everyone else. Those with fixed mindsets do not believe they (or anyone else for that matter) can significantly improve their innate qualities.

There’s no shortage of examples of the great things that can be accomplished with a growth mindset. For example, at Microsoft, Satya Nadella made it his mission to revamp the leadership and the culture at Microsoft with a growth mindset after taking over in 2014. In his book, Hit Refresh, Nadella explains that mindsets, specifically helping employees at the company develop growth mindsets, were his tool for taking Microsoft to the next level. After more than a decade of static market capitalization and share price, Nadella helped usher in a new era for Microsoft, one in which the company’s market capitalization and stock price more than tripled. Pfizer, too, credits a growth mindset for the company’s success and growth.

One of the keys to developing a growth mindset is to help yourself and your organization’s leaders view failure as an opportunity to reflect, learn and improve your skills. In many organizations, failure is not tolerated or is viewed negatively, which makes employees fearful of making mistakes and, as a result, less likely to take risks and think innovatively. To adopt a growth mindset, business leaders and employees must embrace risk and imperfection and push themselves out of established comfort zones.

Henry Ford once said, “Whether you believe you can do a thing or not, you are right.” He couldn’t have been more right.