You don’t have to look far to find frightening stories about cyber security, nor much further to find articles about how to protect your identity online. Yet in spite of the glut of available advice, the perception persists that expert-level cyber security is unattainable by the masses. Last week, Google researchers presented a study about the differences between how experts and non-experts protect their identity online. The results indicated a number of discrepancies between the practices of the two groups, but the strongest takeaway was that protecting yourself like an expert requires very little expertise at all! In fact, the endorsed practices require little to no knowledge of malicious code or computer networking. And you definitely don’t need to have a computer science degree to figure out how to implement these security measures. What is more, you are probably already using or aware of how to use some of the more advanced practices (such as two-factor authentication). So if you already possess the know-how to maintain an advanced level of online protection, what exactly are the experts doing differently? And what are the differences between how an expert and non-expert protects his or her identity online? For one, experts do not rely on anti-virus software. To compare, only 7 percent of experts considered anti-virus software to rank in top three most important things to do to protect yourself online, versus 42 percent of non-experts. Additionally, experts use password manager programs to store their credentials for at least some of their accounts. In this case, 73 percent of experts use a password manager versus 24 percent of non-experts. In spite of the fact that people who work in cyber security are stereotyped as paranoid, Google’s research pointed out that in many cases, the non-expert was more paranoid than the expert. This was proven true of password management systems, but also of downloading software updates. Twenty-five percent of experts say they install updates immediately, whereas nine percent of non-experts do the same. One non-expert commented, “I don’t know if updating software is always safe. What if you download malicious software?” While taking precautions online is generally a good principle, it appears that in some cases the average user is overly cautious to the point of unconsciously ending up back in harm’s way. Even though this research sidesteps the question about which measures correspond to what outcomes, the implication is that the average user would do well to adapt the simple practices that the experts use overwhelmingly. Do’s:
- 1.) Install software updates 2.) Use a password manager 3.) Use two-factor authentication
- 1.) Don’t rely solely on anti-virus software 2.) Don’t click on links or emails from unknown sources 3.) Don’t use the same password for multiple accounts
How do you protect yourself online? Do you think Google's research offers up any new insights?