Staying Safe Online Like a Pro
Hello everyone. Another lovely week brings another post on keeping your accounts safe.
Over the past two weeks, we’ve talked about a couple of features that we have introduced to keep you safe. However, online security is a mindset that should be adopted by all users. Everyone has their own hints and tips, but we thought we’d share some research (which we presented at the Symposium on Usable Privacy and Security last week) comparing how security experts and non-experts stay safe online.
We asked security experts and ordinary web-users what they do to stay safe online and here are the top five practices:
One of the things that we found most interesting is that the common ground between both groups is careful password management. It’s a priority for both groups, but they differ in their approaches. Security experts rely heavily on password managers, using them at least three times more frequently than non-experts. As one expert said, “Password managers change the whole calculus because they make it possible to have both strong and unique passwords.” On the other hand, non-experts focused more on using strong passwords, with one non-expert remarking, “I try to remember my passwords because no one can hack my mind.”
The key difference was in attitudes towards software updates. 35% of experts and only 2% of non-experts said that installing software updates was one of their top security practices. Experts recognise the benefits of updates: “Patch, patch, patch,” said one expert. Non-experts, however, are not only unclear about those benefits but also concerned about the potential risks of software updates. A non-expert told us: “I don’t know if updating software is always safe. What if you download malicious software?” Meanwhile, 42% of non-experts vs. only 7% of experts said that running antivirus software was one of the top three things they do to stay safe online. Experts acknowledged the benefits of antivirus software, but expressed concern that it might give users a false sense of security since it’s not a bulletproof solution.
Of course, no practice on either list makes users any less secure. The key is to use the practices you are most comfortable with and from providers you trust. Are there any top practices you use that aren’t on this list but you think should be? Feel free to comment.
You can view the entire research paper here: https://goo.gl/TLYVb4