Many consumers fail to practice basic cyber hygiene, as per Tenable study
A study conducted online by Harris Poll, on behalf of Tenable, has found that consumers still fail to practice basic security cyber hygiene. While nearly all respondents (94%) were aware of recent data breaches, few have taken critical steps to protect their data or changed their online habits.
The study found 44% of those questioned did not use a password to protect their computers with 55% failing to add a PIN to protect their mobile devices. When it comes to the industry recommended practice of two-factor authentication, a staggering 75% revealed they’d not implemented this feature to protect their personal information.
Just 32% of respondents said the affect of recent security breach news stories meant they’d reduced their use of public Wi-Fi or unknown hotspots. There were some positives as over half surveyed (53%) confirmed that they had made their account passwords more complicated, with 15% opting to use a password management tool.
Jennifer Johnson, chief marketing officer of Tenable explained, “Given the recent slew of data breaches you’d expect consumers to be more aware of security incidents and potentially to have changed their habits. However, this study found quite the reverse. While nearly all the respondents were aware of recent breaches, almost half (43%) confessed they’d not changed their online habits as a result.
Another surprising figure was that only 19% said they’d utilised biometric security options on their devices in the past 12 months, which is unexpected given Apple introduced the use of a thumbprint as a security measure in 2013. This all indicates that many consumers still fail to comprehend the role they play in accountability when it comes to taking specific actions to safeguard their own personal data. It’s basic cyber security illiteracy.”
Looking at those who were aware of recent security breaches, just 12% said that they believed that their personal information had been stolen by hackers in the past 12 months. Given the Equifax breach alone exposed the sensitive data of as many as 143 million Americans, that number is statistically impossible.
Add to this the Yahoo! breach and countless others, the results of this study suggest an alarming lack of understanding about the pervasiveness of recent breaches and the risks they pose. In fact, 37% think it’s likely their personal information will be stolen as a result of a security breach in the next six months.
Focusing on where perceived risks lie, 63% said they were worried that their data may be stolen when connecting to public or unknown Wi-Fi hotspots, with 58% worried that their personal information may be stolen when online shopping, while half are worried when banking online, with only 35% concerned when connecting with their friends/family through social media.
A popular inroad for hackers to compromise devices and steal data is when apps have security vulnerabilities, yet few people patch promptly. 14% of smartphone users wait more than a week to update apps on their smartphone after receiving a prompt, with 4% confessing they may never get round to it. Meanwhile, 13% of computer users wait more than a week to update the apps on their computer, with 3% who wait longer than a month after receiving a prompt, and 5% who never update apps on their computer.
Jennifer adds, “The irony is that cyber poses an existential threat to our economy and to our very social fabric and safeguarding ourselves is therefore a shared responsibility. Enterprises must lead the way by practicing fundamental hygiene and enforcing a basic standard of care for their customers’ data; but individuals must do their part, too — both as consumers and in many cases, as employees of those same enterprises — and that starts with cyber literacy.”
Tenable’s consumer security checklist is:
- Where applicable, enable two-factor authentication for all online services.
- Update your apps and computers within 24 hours of receiving a notification.
- Assign strong passwords to your computer, mobile phone and tablet and don’t share them with others.
Jennifer concludes, “Organisations need to lead the way in basic security practices that keep their customer and critical business data safe. It seems there is a need for a “top down” approach where organisations provide comprehensive cybersecurity but also team up with customers and employees to educate them about what they can do extend their best practices across their own personal attack surface.
This starts with companies being more transparent about their own security practices and holding themselves accountable for lapses. If they don’t make security a top business priority and they aren’t sensitive to these changing consumer patterns and needs, they risk losing customers. Today, being customer-focused isn’t just about making good products; it’s about listening to customers and making sure the products and services they are using don’t cause them harm.”
Further details from this study can be found in a blog posting published here.