A recent survey by Google of security experts and computer-literate, non-security experts showed the difference between what each group thinks are the best things to do to stay secure online. The survey simply asked, “What are the top 3 pieces of advice you would give to a non-tech-savvy user to protect their security online?” and then followed up with clarifying questions.
The results are striking in the differences between each group’s responses: non-security experts are not following the advice of security experts. And if it’s this bad for the computer-literate, how bad do you think it is for the non-technical?
The most horrific results of the survey relate to the #1 piece of advice the security experts rely on – keeping their systems up to date. Security experts know that virtually all of these updates contain fixes for security holes. The rest of the public doesn’t trust the updates; they think they might be malicious in nature, the exact opposite of what they are intended to do.
Here on EasySecurityOnline we always recommend updating your systems, especially when severe bugs become known. It is far easier for someone to use a security vulnerability on your device to gain access to your sensitive data and passwords than it is for them to break into the institution holding all of those passwords and decrypt them from there.
You should go out of your way to upgrade at every opportunity, and enable automatic updates. Except don’t upgrade to Windows 10!
When asked for the top three things they do to stay safe on-line, the most common response from experts was installing software updates. For instance, E128 said: “Update all the software and firmware to fix any possible vulnerability.” Furthermore, E78 also said: “Patch, patch, patch.” Installing updates was also the security measure with the highest percentage difference between experts and non-experts; it was mentioned by 35% of experts, but only by 2% of non-experts.
A closer look at the discrepancies between answers shows how important updating your system, 2-Factor Authentication and password managers are to security experts. It also shows how relatively unimportant the practices of changing your password regularly or using antivirus software are.
I don’t think any security expert would tell you that antivirus software was useless. It’s just that the protection such software offers is minimal in the grand scheme of attack possibilities, especially compared with system updates and 2FA.
There is a wealth of data in these charts. But they basically boil down to the advice we’ve given here at EasySecurityOnline.com since day 1 – use a password manager to store all of your unique passwords.
Like anything worth doing, password managers take a little bit of time to set up. But once they are ready, things not only become safer online, they become EASIER. More information on password managers and how to create strong, unique passwords that you can remember can be found in my ebook, while links to some different managers can be found in the Tools You Need section.
The full paper is as dense as you’d expect a research paper to be. It’s still worth a read.
What you need to do:
Enable automatic updates for your devices
Set up 2-Factor Authentication for your most important accounts
Set up a password manager
Build a strong, unique password each for your password manager and your main email. Everything else goes in your password manager.