There's no better time than autumn to raise user awareness about how to stay safe online. It's a time of year when children return to school and information security students take the next step towards launching their career. We also can't forget that October is National Cyber Security Awareness Month (NCSAM) in the United States and European Cyber Security Month (ECSM) in the European Union. In acknowledgment of the promise that fall holds for digital security, we at The State of Security published tips on how schoolchildren, aspiring infosec professionals and organizations can promote online safety for themselves and those around them. It would appear most users are beginning to listen. In a survey conducted on behalf of Arbor Security between September 20-22, 2016 among 2,056 U.S. adults, Regina Corso Consulting found that approximately three-quarters or more of Americans are concerned about their security (85 percent), their privacy (84 percent), downloading malware (82 percent), and websites tracking them (74 percent).
Those worries have led some American users to incorporate a variety of security features into their computing experience, including the following:
- Virus protection for their computer and/or tablet (70 percent)
- Different passwords for every website that requires one (57 percent)
- Automatic software updates on their computer and/or tablet (53 percent)
Such changes notwithstanding, many Americans fall short in other areas when it came to protecting their digital security. That's especially troubling considering two-thirds (67 percent) of users told Regina Corso Consulting survey they consider themselves to be tech-savvy. For instance, when asked about their privacy, 64 percent of U.S. adults said they either agree or strongly agree that their personal information is always protected whenever they use a website like Facebook or Amazon. Users aged 18-29 and 30-39 were more likely to agree to that opinion than those aged 40-54 and 55 and older (at 71 percent and 83 percent vs. 58 percent and 52 percent, respectively). The same goes for male users over female users. (69 percent compared to 60 percent.) Americans' poor levels of security aptitude didn't end there, either. More than a third (36 percent) of Americans went so far as to say they don't think twice about sharing their information on social media channels like Facebook, which is a dangerous perception considering what attackers can do with unsuspecting users' information. Additionally, a majority (55 percent) of respondents said they would click on a link sent to them from a friend via email even if they weren't expecting to hear from that individual. Such a perception all but guarantees those users will fall for a phishing scam and/or experience a malware infection at some point in their lives, types of attacks which actors can use to hack someone's account.
As the Arbor's findings demonstrate, only a minority of American users can adequately protect themselves against hackers. Let's say that reality plays out and some unknown actor hacks their email. Are those users equipped to deal with the situation and secure their accounts after the fact? The answer is no. Unfortunately, 55 percent of respondents said they would have no idea what to do in the event of a hacking attack. That ignorance could be the product of a mindset where users think their information is worthless compared to the data of governments and corporations. Indeed, 80 percent of Americans said they don't think they can protect themselves if the federal government can get hacked. In the shadow of large targets, such as the U.S. government, 39 percent of respondents said they don't worry about getting hacked because they don't feel their information is important enough. That's a dangerous way to think. Hackers target all kinds of information, including bank accounts, personal health data and website logins. Bad actors will, therefore, always have a reason to target someone else regardless of who they are, which is why users should be doing more to protect themselves and their data. Christopher Gaebler, Chief Marketing Officer at Arbor Networks, couldn't agree more. As quoted in a press release published by Business Wire:
"The big takeaway from this survey is that the relentless headlines about cyber-attacks have led to anxiety among a vast majority of Americans. Ironically, this has not driven people to do more to protect themselves online, but quite the contrary. The survey suggested these same people have really poor online security practices - which only makes the attackers' jobs easier. Although cyber-attacks are becoming more common, consumers are not powerless. In fact, there are basic steps people can take to protect themselves from the majority of online security threats."
Ordinary users can protect themselves against hacking attacks by implementing strong passwords and two-step verification (when available) for each of their web accounts; using a VPN while surfing the web; maintaining an up-to-date anti-virus solution on their computers; exercising caution around unsolicited links; and guarding their personal information on social media. Meanwhile, organizations can create policies that embody those recommendations. They should then train their workforce to abide by those best practices on a day-to-day basis, as well as invest in an insider threat solution that can help spot employees who might decide to compromise the information security of all critical business assets.
